xtremerat | 9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

Analysis

max time kernel
144s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
Size

401KB
MD5

e3ae1c8453baf65007b473efb93371a9
SHA1

3706c2e85ab4530c5a6053e404dfd79d2b73cf9a
SHA256

9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18
SHA512

ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427
SSDEEP

6144:GFC3m6jvWuAFvJeSUih1xW6PbYOary8fnVW5GJZ2tNYLj8MfsfH6x:GFGWBviU1x43ryuVzYKj86sfHU

Score

10^/10

xtremerat bootkit persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 64 IoCs

resource	yara_rule
behavioral1/memory/1288-56-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1288-57-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1288-58-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1288-61-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1288-62-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1628-66-0x0000000000000000-mapping.dmp	family_xtremerat
behavioral1/memory/1628-69-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1668-77-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1668-84-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1288-89-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1544-98-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1544-104-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2044-111-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2044-118-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1668-122-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1908-127-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1032-139-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1260-148-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1260-154-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1908-155-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1032-157-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1544-162-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1736-169-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1736-178-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/524-182-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/524-190-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2044-193-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/904-197-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2080-210-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2080-219-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/904-220-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1736-221-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1908-224-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2304-228-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1032-237-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2304-238-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1260-243-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2504-250-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2568-261-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2600-267-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2568-275-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2504-276-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2600-277-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/524-282-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2928-289-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2980-300-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2568-308-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2980-309-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2928-310-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/904-313-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2256-317-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2080-326-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1808-330-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2532-343-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2900-355-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1976-365-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2360-379-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2340-386-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2244-401-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/2500-412-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/1584-416-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/3148-436-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/3168-440-0x0000000000C87D44-mapping.dmp	family_xtremerat
behavioral1/memory/3288-452-0x0000000000C87D44-mapping.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Executes dropped EXE 64 IoCs

pid	Process
2040	Server.exe
1668	Server.exe
1140	Server.exe
832	Server.exe
1544	Server.exe
920	Server.exe
2044	Server.exe
1696	Server.exe
1908	Server.exe
1536	Server.exe
1032	Server.exe
1260	Server.exe
1668	Server.exe
1696	Server.exe
1736	Server.exe
524	Server.exe
960	Server.exe
904	Server.exe
1536	Server.exe
2080	Server.exe
2272	Server.exe
2304	Server.exe
2368	Server.exe
2448	Server.exe
2488	Server.exe
2504	Server.exe
2568	Server.exe
2600	Server.exe
2844	Server.exe
2868	Server.exe
2928	Server.exe
2980	Server.exe
2004	Server.exe
2256	Server.exe
2324	Server.exe
1808	Server.exe
1056	Server.exe
2532	Server.exe
2856	Server.exe
2900	Server.exe
2692	Server.exe
1976	Server.exe
1908	Server.exe
1632	Server.exe
2360	Server.exe
2340	Server.exe
2176	Server.exe
2724	Server.exe
2244	Server.exe
2280	Server.exe
2500	Server.exe
1584	Server.exe
1412	Server.exe
3120	Server.exe
3148	Server.exe
3168	Server.exe
3236	Server.exe
3288	Server.exe
3368	Server.exe
3388	Server.exe
3556	Server.exe
3592	Server.exe
3736	Server.exe
3776	Server.exe

Modifies Installed Components in the registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}	Server.exe

Loads dropped DLL 24 IoCs

pid	Process
1628	svchost.exe
1628	svchost.exe
1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe
1628	svchost.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe"	Server.exe

Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	iexplore.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe
File opened for modification	\??\PhysicalDrive0	Server.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 1388 set thread context of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 2040 set thread context of 1668	2040	Server.exe	36
PID 832 set thread context of 1544	832	Server.exe	44
PID 920 set thread context of 2044	920	Server.exe	52
PID 1696 set thread context of 1908	1696	Server.exe	60
PID 1536 set thread context of 1032	1536	Server.exe	63
PID 1140 set thread context of 1260	1140	Server.exe	66
PID 1668 set thread context of 1736	1668	Server.exe	81
PID 1696 set thread context of 524	1696	Server.exe	84
PID 960 set thread context of 904	960	Server.exe	100
PID 1536 set thread context of 2080	1536	Server.exe	104
PID 2272 set thread context of 2304	2272	Server.exe	118
PID 2448 set thread context of 2504	2448	Server.exe	125
PID 2488 set thread context of 2568	2488	Server.exe	128
PID 2368 set thread context of 2600	2368	Server.exe	129
PID 2868 set thread context of 2928	2868	Server.exe	152
PID 2844 set thread context of 2980	2844	Server.exe	153
PID 2004 set thread context of 2256	2004	Server.exe	169
PID 2324 set thread context of 1808	2324	Server.exe	171
PID 1056 set thread context of 2532	1056	Server.exe	178
PID 2856 set thread context of 2900	2856	Server.exe	191
PID 2692 set thread context of 1976	2692	Server.exe	200
PID 1908 set thread context of 2360	1908	Server.exe	204
PID 1632 set thread context of 2340	1632	Server.exe	207
PID 2176 set thread context of 2244	2176	Server.exe	232
PID 2724 set thread context of 2500	2724	Server.exe	235
PID 2280 set thread context of 1584	2280	Server.exe	236
PID 1412 set thread context of 3148	1412	Server.exe	257
PID 3120 set thread context of 3168	3120	Server.exe	258
PID 3236 set thread context of 3288	3236	Server.exe	264
PID 3368 set thread context of 3388	3368	Server.exe	270
PID 3556 set thread context of 3592	3556	Server.exe	283
PID 3736 set thread context of 3776	3736	Server.exe	295
PID 3804 set thread context of 3836	3804	Server.exe	298
PID 3896 set thread context of 3932	3896	Server.exe	306
PID 3188 set thread context of 3252	3188	Server.exe	332
PID 3200 set thread context of 3236	3200	Server.exe	334
PID 3396 set thread context of 3412	3396	Server.exe	337
PID 3136 set thread context of 3588	3136	Server.exe	343
PID 3892 set thread context of 3964	3892	Server.exe	360
PID 3656 set thread context of 1152	3656	Server.exe	361
PID 3184 set thread context of 3156	3184	Server.exe	367
PID 3376 set thread context of 3428	3376	Server.exe	373
PID 2900 set thread context of 3808	2900	Server.exe	378
PID 3308 set thread context of 3244	3308	Server.exe	400
PID 3464 set thread context of 3456	3464	Server.exe	412
PID 4168 set thread context of 4200	4168	Server.exe	433
PID 4332 set thread context of 4396	4332	Server.exe	445
PID 4372 set thread context of 4420	4372	Server.exe	446
PID 4252 set thread context of 4468	4252	Server.exe	448
PID 4780 set thread context of 4820	4780	Server.exe	470
PID 4872 set thread context of 4912	4872	Server.exe	473
PID 4940 set thread context of 5000	4940	Server.exe	478
PID 5044 set thread context of 5068	5044	Server.exe	482
PID 4692 set thread context of 4164	4692	Server.exe	486
PID 4404 set thread context of 4436	4404	Server.exe	502
PID 4732 set thread context of 4804	4732	Server.exe	517
PID 3156 set thread context of 4860	3156	Server.exe	522
PID 4684 set thread context of 4904	4684	Server.exe	525
PID 4356 set thread context of 4452	4356	Server.exe	541
PID 4900 set thread context of 4916	4900	iexplore.exe	553
PID 4200 set thread context of 4512	4200	Server.exe	558
PID 3864 set thread context of 4420	3864	Server.exe	565
PID 4952 set thread context of 4568	4952	Server.exe	568

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe
File opened for modification	C:\Windows\InstallDir\Server.exe	Server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	Server.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
2040	Server.exe
832	Server.exe
920	Server.exe
1696	Server.exe
1536	Server.exe
1140	Server.exe
1668	Server.exe
1696	Server.exe
960	Server.exe
1536	Server.exe
2272	Server.exe
2448	Server.exe
2488	Server.exe
2368	Server.exe
2868	Server.exe
2844	Server.exe
2004	Server.exe
2324	Server.exe
1056	Server.exe
2856	Server.exe
2692	Server.exe
1908	Server.exe
1632	Server.exe
2176	Server.exe
2724	Server.exe
2280	Server.exe
1412	Server.exe
3120	Server.exe
3236	Server.exe
3368	Server.exe
3556	Server.exe
3736	Server.exe
3804	Server.exe
3896	Server.exe
3188	Server.exe
3200	Server.exe
3396	Server.exe
3136	Server.exe
3892	Server.exe
3656	Server.exe
3184	Server.exe
3376	Server.exe
2900	Server.exe
3308	Server.exe
3464	Server.exe
4168	Server.exe
4332	Server.exe
4372	Server.exe
4252	Server.exe
4780	Server.exe
4872	Server.exe
4940	Server.exe
5044	Server.exe
4692	Server.exe
4404	Server.exe
4732	Server.exe
3156	Server.exe
4684	Server.exe
4356	Server.exe
4900	iexplore.exe
4200	Server.exe
3864	Server.exe
4952	Server.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1388 wrote to memory of 1288	1388	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	27
PID 1288 wrote to memory of 1628	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	28
PID 1288 wrote to memory of 1628	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	28
PID 1288 wrote to memory of 1628	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	28
PID 1288 wrote to memory of 1628	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	28
PID 1288 wrote to memory of 1628	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	28
PID 1288 wrote to memory of 1504	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	29
PID 1288 wrote to memory of 1504	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	29
PID 1288 wrote to memory of 1504	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	29
PID 1288 wrote to memory of 1504	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	29
PID 1288 wrote to memory of 1504	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	29
PID 1288 wrote to memory of 1744	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	30
PID 1288 wrote to memory of 1744	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	30
PID 1288 wrote to memory of 1744	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	30
PID 1288 wrote to memory of 1744	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	30
PID 1288 wrote to memory of 1744	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	30
PID 1288 wrote to memory of 1700	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	31
PID 1288 wrote to memory of 1700	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	31
PID 1288 wrote to memory of 1700	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	31
PID 1288 wrote to memory of 1700	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	31
PID 1288 wrote to memory of 1700	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	31
PID 1288 wrote to memory of 976	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	32
PID 1288 wrote to memory of 976	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	32
PID 1288 wrote to memory of 976	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	32
PID 1288 wrote to memory of 976	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	32
PID 1288 wrote to memory of 976	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	32
PID 1288 wrote to memory of 956	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	33
PID 1288 wrote to memory of 956	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	33
PID 1288 wrote to memory of 956	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	33
PID 1288 wrote to memory of 956	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	33
PID 1288 wrote to memory of 956	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	33
PID 1288 wrote to memory of 1844	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	34
PID 1288 wrote to memory of 1844	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	34
PID 1288 wrote to memory of 1844	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	34
PID 1288 wrote to memory of 1844	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	34
PID 1288 wrote to memory of 1844	1288	9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe	34
PID 1628 wrote to memory of 2040	1628	svchost.exe	35
PID 1628 wrote to memory of 2040	1628	svchost.exe	35
PID 1628 wrote to memory of 2040	1628	svchost.exe	35
PID 1628 wrote to memory of 2040	1628	svchost.exe	35
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36
PID 2040 wrote to memory of 1668	2040	Server.exe	36

C:\Users\Admin\AppData\Local\Temp\9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
"C:\Users\Admin\AppData\Local\Temp\9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Users\Admin\AppData\Local\Temp\9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe
  "C:\Users\Admin\AppData\Local\Temp\9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1288
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    - Modifies Installed Components in the registry
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1668
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1280
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1228
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1968
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:964
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1576
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1732
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:1908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2216
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2664
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3484
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3676
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1544
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1616
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1980
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:604
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1188
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:760
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1940
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1704
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2156
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2044
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:952
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1688
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1948
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1132
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:852
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1092
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1692
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1624
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1536
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2420
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3768
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3892
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4592
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4684
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        15⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6136
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        16⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5436
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        17⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6232
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1032
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1848
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1540
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1136
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1604
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1888
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1264
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2184
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2236
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3064
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3704
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3804
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3296
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:524
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1992
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1668
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1492
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2192
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2260
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2552
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2744
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2800
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:2980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2060
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3088
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3188
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1996
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4168
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3536
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        15⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5620
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        16⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5956
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        17⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:6108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6220
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2080
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2164
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2224
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2480
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2712
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2784
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2904
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2056
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2124
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2444
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3120
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3800
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4584
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4692
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:4164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5368
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5560
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        15⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6248
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2568
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2700
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2776
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2892
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2928
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3044
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2100
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2404
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2620
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2956
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2440
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3040
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3084
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3136
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4228
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3976
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        
        PID:4900
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5392
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5512
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2532
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2608
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2876
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2232
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2696
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2644
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2428
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2176
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3028
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3804
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3184
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4624
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4780
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5124
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5212
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:5248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5156
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        14⤵
        
        PID:6276
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2360
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2624
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2868
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2692
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2376
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2280
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3352
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3692
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3736
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        
        PID:3776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3444
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:3244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3784
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5776
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        12⤵
        
        PID:5900
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        13⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:5940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6316
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        
        PID:1584
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2600
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2724
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3272
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3492
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3648
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3880
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4048
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2120
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3200
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:3236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3000
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3368
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        
        PID:3388
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3468
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3632
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3856
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4028
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1260
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3380
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3820
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3120
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3376
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4748
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3892
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:3896
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3932
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4012
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1976
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2536
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2384
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3896
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2520
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3108
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1584
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:588
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6152
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3396
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Drops file in Windows directory
        
        PID:3412
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2860
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3424
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3128
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3288
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3840
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3780
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4144
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4852
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5388
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        10⤵
        
        PID:5976
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        11⤵
        
        PID:4360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6168
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3808
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2288
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2728
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1928
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3936
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4128
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4364
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4608
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4812
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4940
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5292
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5384
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:5420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6176
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3464
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        
        PID:3456
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2980
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4136
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4380
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4616
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4828
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5092
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4344
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4700
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4732
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6036
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6128
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        Drops file in Windows directory
        
        PID:5556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6308
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4420
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4520
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4724
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4980
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4264
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4256
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4792
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5084
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4740
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4200
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5404
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        
        PID:5648
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        9⤵
        
        PID:576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6260
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:5044
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5068
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4220
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4428
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3140
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5052
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3748
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4892
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5308
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5476
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6192
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4860
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4940
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4788
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1152
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3944
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5300
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5588
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5876
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6076
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5228
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6184
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4568
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5136
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5316
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5596
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5884
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6068
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4804
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5460
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        
        PID:4400
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        
        PID:5260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6212
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      PID:5616
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Drops file in Windows directory
        
        PID:5720
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5844
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6052
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5488
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4988
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5568
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4420
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6160
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Modifies registry class
      PID:5416
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        
        PID:5500
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      PID:4528
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        
        PID:5648
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6288
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1504
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1744
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1700
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:976
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:956
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1844
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1648
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1620
- - C:\Windows\InstallDir\Server.exe
    "C:\Windows\InstallDir\Server.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetThreadContext
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Windows\InstallDir\Server.exe
      "C:\Windows\InstallDir\Server.exe"
      4⤵
      Executes dropped EXE
      Modifies Installed Components in the registry
      Adds Run key to start application
      Drops file in Windows directory
      PID:1260
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1564
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1728
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:552
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:568
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2040
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2072
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2200
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2332
    - - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        5⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        6⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:3016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2948
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        7⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Windows\InstallDir\Server.exe
        
        "C:\Windows\InstallDir\Server.exe"
        8⤵
        Executes dropped EXE
        Modifies Installed Components in the registry
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
0468d395e88014480a2dd516251c054e

SHA1
6e557e58171ef90b658dae0a1c646cca9909bc94

SHA256
eca064b2de63ba4741b8e3e2c7b0616b04c5cd383d83149bbf91c9359be8f67b

SHA512
2b31c47402db4aa9df38a39efd7238852ccee3e1b2dbd9c1254a9ec8d9c126cbc462aa9dd1e0731532a45de060354f3cb862d4b3f6a8ab6e68e52737ce9eda09

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
C:\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
\Windows\InstallDir\Server.exe

Filesize
401KB

MD5
e3ae1c8453baf65007b473efb93371a9

SHA1
3706c2e85ab4530c5a6053e404dfd79d2b73cf9a

SHA256
9761bdcf74e704ce41edbc8aca50f1cd9ca7173ac701732ab2a6ce502a4c7f18

SHA512
ad6d5a6569142c37827fcbe57c3798f8bed437c7db688d1488c0a5d3d162fb2eb65d21c2d26265b81e84b695a8ecad03e2a75226e2f2779d3aafe7214f234427

Download Submit
memory/524-282-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/524-190-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/832-94-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/832-101-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/904-313-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/904-220-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/920-114-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/960-203-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/960-198-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1032-157-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1032-237-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1140-151-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1140-90-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1260-243-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1260-154-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1288-56-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1288-61-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1288-89-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1288-58-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1288-59-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1288-63-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1288-62-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1388-60-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1536-213-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1536-144-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1544-162-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1544-104-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1628-295-0x0000000003EE0000-0x000000000402F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-156-0x0000000003ED0000-0x000000000401F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-69-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1628-274-0x0000000003ED0000-0x000000000401F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-83-0x0000000003ED0000-0x000000000401F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-175-0x0000000002830000-0x000000000297F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-218-0x0000000004160000-0x00000000042AF000-memory.dmp

Filesize
1.3MB

Download
memory/1628-117-0x0000000003ED0000-0x000000000401F000-memory.dmp

Filesize
1.3MB

Download
memory/1628-64-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1628-176-0x0000000003EE0000-0x000000000402F000-memory.dmp

Filesize
1.3MB

Download
memory/1668-84-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1668-122-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1668-174-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1696-130-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1696-186-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1696-124-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1696-177-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/1736-178-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1736-221-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1908-155-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1908-224-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2004-320-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2040-80-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2044-193-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2044-118-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2080-326-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2080-219-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2272-231-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2304-238-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2368-239-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2368-271-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2448-257-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2488-264-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2504-276-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2568-308-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2568-275-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2600-277-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2844-303-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2844-297-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2868-292-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2928-310-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2980-309-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads