d52b4189dccee476da84301edd9b57ed0120fe20d5cb694d927d547f6121c4c6

Analysis

max time kernel
129s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76c2a25d7c8bd45b19e22305d7ae2690.exe
Size

287KB
MD5

76c2a25d7c8bd45b19e22305d7ae2690
SHA1

01b2aef9ddf8094f3b5c7a6d540401ea99cc1e81
SHA256

d52b4189dccee476da84301edd9b57ed0120fe20d5cb694d927d547f6121c4c6
SHA512

5b3045e5efce0d3d348283a5de2274896be42420aae8d082782243aeb0b473ef919353ce2754b54950430860638ab63fcfa15b2ebd5b5bce79bb921c48e84fbf
SSDEEP

6144:IwirQk1KL3RKANb3dzKTAUsTxhA42bdzytt3lR+6dPrYcWiV5+KN9nIlg3:I1QaE3hNzKTWTXKb87VRry8kMmy3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2428	SServer.exe
2788	SServer.exe
2720	SServer.exe
2800	SServer.exe
2936	SServer.exe
2752	SServer.exe
3060	SServer.exe
1972	SServer.exe
2624	SServer.exe
3020	SServer.exe
2548	SServer.exe
1940	SServer.exe
680	SServer.exe
2808	SServer.exe
2872	SServer.exe
920	SServer.exe
2664	SServer.exe
1484	SServer.exe
2900	SServer.exe
2304	SServer.exe
2172	SServer.exe
896	SServer.exe
1908	SServer.exe
1876	SServer.exe
2496	SServer.exe
1660	SServer.exe
2184	SServer.exe
1268	SServer.exe
1752	SServer.exe
1376	SServer.exe
1764	SServer.exe
2136	SServer.exe
1304	SServer.exe
2404	SServer.exe
2460	SServer.exe
2400	SServer.exe
2424	SServer.exe
2960	SServer.exe
2092	SServer.exe
1668	SServer.exe
2660	SServer.exe
612	SServer.exe
2280	SServer.exe
1964	SServer.exe
656	SServer.exe
112	SServer.exe
1812	SServer.exe
2148	SServer.exe
2152	SServer.exe
2036	SServer.exe
2140	SServer.exe
2448	SServer.exe
792	SServer.exe
1052	SServer.exe
1160	SServer.exe
1560	SServer.exe
1916	SServer.exe
1088	SServer.exe
1404	SServer.exe
1912	SServer.exe
1688	SServer.exe
1084	SServer.exe
1216	SServer.exe
952	SServer.exe

Loads dropped DLL 64 IoCs

pid	Process
1672	76c2a25d7c8bd45b19e22305d7ae2690.exe
1672	76c2a25d7c8bd45b19e22305d7ae2690.exe
2428	SServer.exe
2428	SServer.exe
2788	SServer.exe
2788	SServer.exe
2720	SServer.exe
2720	SServer.exe
2800	SServer.exe
2800	SServer.exe
2936	SServer.exe
2936	SServer.exe
2752	SServer.exe
2752	SServer.exe
3060	SServer.exe
3060	SServer.exe
1972	SServer.exe
1972	SServer.exe
2624	SServer.exe
2624	SServer.exe
3020	SServer.exe
3020	SServer.exe
2548	SServer.exe
2548	SServer.exe
1940	SServer.exe
1940	SServer.exe
680	SServer.exe
680	SServer.exe
2808	SServer.exe
2808	SServer.exe
2872	SServer.exe
2872	SServer.exe
920	SServer.exe
920	SServer.exe
2664	SServer.exe
2664	SServer.exe
1484	SServer.exe
1484	SServer.exe
2900	SServer.exe
2900	SServer.exe
2304	SServer.exe
2304	SServer.exe
2172	SServer.exe
2172	SServer.exe
896	SServer.exe
896	SServer.exe
1908	SServer.exe
1908	SServer.exe
1876	SServer.exe
1876	SServer.exe
2496	SServer.exe
2496	SServer.exe
1660	SServer.exe
1660	SServer.exe
2184	SServer.exe
2184	SServer.exe
1268	SServer.exe
1268	SServer.exe
1752	SServer.exe
1752	SServer.exe
1376	SServer.exe
1376	SServer.exe
1764	SServer.exe
1764	SServer.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe
File created	C:\Windows\SysWOW64\SServer.exe	SServer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2428	1672	76c2a25d7c8bd45b19e22305d7ae2690.exe	28
PID 1672 wrote to memory of 2428	1672	76c2a25d7c8bd45b19e22305d7ae2690.exe	28
PID 1672 wrote to memory of 2428	1672	76c2a25d7c8bd45b19e22305d7ae2690.exe	28
PID 1672 wrote to memory of 2428	1672	76c2a25d7c8bd45b19e22305d7ae2690.exe	28
PID 2428 wrote to memory of 2788	2428	SServer.exe	29
PID 2428 wrote to memory of 2788	2428	SServer.exe	29
PID 2428 wrote to memory of 2788	2428	SServer.exe	29
PID 2428 wrote to memory of 2788	2428	SServer.exe	29
PID 2788 wrote to memory of 2720	2788	SServer.exe	30
PID 2788 wrote to memory of 2720	2788	SServer.exe	30
PID 2788 wrote to memory of 2720	2788	SServer.exe	30
PID 2788 wrote to memory of 2720	2788	SServer.exe	30
PID 2720 wrote to memory of 2800	2720	SServer.exe	31
PID 2720 wrote to memory of 2800	2720	SServer.exe	31
PID 2720 wrote to memory of 2800	2720	SServer.exe	31
PID 2720 wrote to memory of 2800	2720	SServer.exe	31
PID 2800 wrote to memory of 2936	2800	SServer.exe	32
PID 2800 wrote to memory of 2936	2800	SServer.exe	32
PID 2800 wrote to memory of 2936	2800	SServer.exe	32
PID 2800 wrote to memory of 2936	2800	SServer.exe	32
PID 2936 wrote to memory of 2752	2936	SServer.exe	372
PID 2936 wrote to memory of 2752	2936	SServer.exe	372
PID 2936 wrote to memory of 2752	2936	SServer.exe	372
PID 2936 wrote to memory of 2752	2936	SServer.exe	372
PID 2752 wrote to memory of 3060	2752	SServer.exe	33
PID 2752 wrote to memory of 3060	2752	SServer.exe	33
PID 2752 wrote to memory of 3060	2752	SServer.exe	33
PID 2752 wrote to memory of 3060	2752	SServer.exe	33
PID 3060 wrote to memory of 1972	3060	SServer.exe	34
PID 3060 wrote to memory of 1972	3060	SServer.exe	34
PID 3060 wrote to memory of 1972	3060	SServer.exe	34
PID 3060 wrote to memory of 1972	3060	SServer.exe	34
PID 1972 wrote to memory of 2624	1972	SServer.exe	35
PID 1972 wrote to memory of 2624	1972	SServer.exe	35
PID 1972 wrote to memory of 2624	1972	SServer.exe	35
PID 1972 wrote to memory of 2624	1972	SServer.exe	35
PID 2624 wrote to memory of 3020	2624	SServer.exe	36
PID 2624 wrote to memory of 3020	2624	SServer.exe	36
PID 2624 wrote to memory of 3020	2624	SServer.exe	36
PID 2624 wrote to memory of 3020	2624	SServer.exe	36
PID 3020 wrote to memory of 2548	3020	SServer.exe	371
PID 3020 wrote to memory of 2548	3020	SServer.exe	371
PID 3020 wrote to memory of 2548	3020	SServer.exe	371
PID 3020 wrote to memory of 2548	3020	SServer.exe	371
PID 2548 wrote to memory of 1940	2548	SServer.exe	370
PID 2548 wrote to memory of 1940	2548	SServer.exe	370
PID 2548 wrote to memory of 1940	2548	SServer.exe	370
PID 2548 wrote to memory of 1940	2548	SServer.exe	370
PID 1940 wrote to memory of 680	1940	SServer.exe	37
PID 1940 wrote to memory of 680	1940	SServer.exe	37
PID 1940 wrote to memory of 680	1940	SServer.exe	37
PID 1940 wrote to memory of 680	1940	SServer.exe	37
PID 680 wrote to memory of 2808	680	SServer.exe	369
PID 680 wrote to memory of 2808	680	SServer.exe	369
PID 680 wrote to memory of 2808	680	SServer.exe	369
PID 680 wrote to memory of 2808	680	SServer.exe	369
PID 2808 wrote to memory of 2872	2808	SServer.exe	368
PID 2808 wrote to memory of 2872	2808	SServer.exe	368
PID 2808 wrote to memory of 2872	2808	SServer.exe	368
PID 2808 wrote to memory of 2872	2808	SServer.exe	368
PID 2872 wrote to memory of 920	2872	SServer.exe	38
PID 2872 wrote to memory of 920	2872	SServer.exe	38
PID 2872 wrote to memory of 920	2872	SServer.exe	38
PID 2872 wrote to memory of 920	2872	SServer.exe	38

C:\Users\Admin\AppData\Local\Temp\76c2a25d7c8bd45b19e22305d7ae2690.exe
"C:\Users\Admin\AppData\Local\Temp\76c2a25d7c8bd45b19e22305d7ae2690.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2800
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2752

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:3020
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2548

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:680
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2808

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:920
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2664
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1484
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2900

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:896
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1908
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1876

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2496
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1660
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2184
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1268
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1752
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1376
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1764
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        Executes dropped EXE
        
        PID:2136
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        9⤵
        Executes dropped EXE
        
        PID:1304
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        10⤵
        Executes dropped EXE
        
        PID:2404
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        11⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        12⤵
        Executes dropped EXE
        
        PID:2400

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
PID:2424
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    PID:2092
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      PID:1668
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Executes dropped EXE
        
        PID:2660
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        Executes dropped EXE
        
        PID:612
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:656
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        10⤵
        Executes dropped EXE
        
        PID:112
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        11⤵
        Executes dropped EXE
        
        PID:1812

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
PID:2148
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    PID:2036
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      PID:2140
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Executes dropped EXE
        
        PID:2448
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        Executes dropped EXE
        
        PID:792
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        9⤵
        Executes dropped EXE
        
        PID:1560
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        10⤵
        Executes dropped EXE
        
        PID:1916

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
PID:1088
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    PID:1912
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Executes dropped EXE
      PID:1688

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
PID:1084
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Executes dropped EXE
    PID:952
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:1340

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1108
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:844
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1016

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1092
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:2004
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1212
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:1780

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1208
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:904

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:960
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:948
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:592

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2984
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3004
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Drops file in System32 directory
    PID:2160

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3036
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1176
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2012
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2268

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:860
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:2344
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2492
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:1248

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:828
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2244
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1816

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2924
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2528
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2336

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1516
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:892
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:880

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1536
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2988
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1748

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:1704
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2196

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1616
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1592

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2388
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1712
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3056
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2748

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2292
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2108

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2380
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2668

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2948
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2780

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:2848
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:2696

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2688
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2940
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2772
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2712
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:2764
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        Drops file in System32 directory
        
        PID:2068
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        9⤵
        
        PID:2724

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:2680
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2888
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Drops file in System32 directory
    PID:2904

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2576
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1664
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2592

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:2628
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2620

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2676
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3016
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2560

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:268
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:524
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Drops file in System32 directory
    PID:584

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:436
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:2368
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2740

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2804
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3032
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2640

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:796
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1168
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:984

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:328
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1956

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1824
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:1952
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    - Drops file in System32 directory
    PID:2908
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:1900

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1724
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1384

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1000
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1868
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1544
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2540

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1644
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1576
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1680
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2504

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1224
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1960
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1460
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2316

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1496
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2276
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:1864

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2444
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1240
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:588
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2256

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2952
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2964
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:564

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2880
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2060
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2076
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:1424

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2320
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1884

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1892
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2916
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:572
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2128
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:2476

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1736
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3044
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:2896

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:1936
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:2652
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:820
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:2604
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:2616
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        
        PID:2508

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:2760
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1480

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:3080
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3088

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3096
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3104
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3112
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3120

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3128
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3136

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3144
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3152
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3160
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3168

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3176
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3184
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3192
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3200
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3208

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3216
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3224
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3232
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3244
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3252

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:3260
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3268
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3276

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3284
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3292
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3300

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3308
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3316
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3324

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3332
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3340
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3348
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3356

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3364
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3372
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3380
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3388
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3396

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3404
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3412

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3420
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3428
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3436
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3444

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3452
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3460
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3468

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3476
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3484
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3492

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3500
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3508

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:3516
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3524

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3532
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3540

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3548
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3556
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3564

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3576
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3584
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3592

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3600
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3608

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3616
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3624
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3632
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3640
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3648

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3656
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3664
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3672
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3680
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3688

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3696
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3704
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3712

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:3720
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3728
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3736

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3744
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3752
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3760

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3768
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3776
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3784

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3792
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3800
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3808
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3816

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3824
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3832
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3840

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3848
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3860
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3868

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3876
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3884
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3892
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3900
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Drops file in System32 directory
        
        PID:3908
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        
        PID:3932

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Drops file in System32 directory
PID:3940
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  - Drops file in System32 directory
  PID:3948
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3956
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:3964
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:3972
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:3980

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3988
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:3996
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:4004
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:4012
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        Drops file in System32 directory
        
        PID:4020
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:4028

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:4036
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:4044
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:4052
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      Drops file in System32 directory
      PID:4060
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:4068
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        
        PID:4092

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:3240
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:1804
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:3572
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:4100
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:4108

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:4116
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:4124
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:4136

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
PID:4144
- C:\Windows\SysWOW64\SServer.exe
  C:\Windows\system32\SServer.exe
  2⤵
  PID:4152
- - C:\Windows\SysWOW64\SServer.exe
    C:\Windows\system32\SServer.exe
    3⤵
    PID:4160
  - - C:\Windows\SysWOW64\SServer.exe
      C:\Windows\system32\SServer.exe
      4⤵
      PID:4168
    - - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        5⤵
        
        PID:4176
      - C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        6⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        7⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        9⤵
        Drops file in System32 directory
        
        PID:4208
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        10⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        11⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        12⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        13⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        14⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        15⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        16⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        17⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        18⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        19⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        20⤵
        Drops file in System32 directory
        
        PID:4296
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        21⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        22⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        23⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        24⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        25⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        26⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        27⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        28⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        29⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        30⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        31⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        32⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        33⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        34⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        35⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        36⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        37⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        38⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        39⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        40⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        41⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        42⤵
        Drops file in System32 directory
        
        PID:4476
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        43⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        44⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        45⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        46⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        47⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        48⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        49⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        50⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        51⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        52⤵
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        53⤵
        Drops file in System32 directory
        
        PID:4564
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        54⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        55⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        56⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        57⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        58⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        59⤵
        Drops file in System32 directory
        
        PID:4616
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        60⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        61⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        62⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        63⤵
        Drops file in System32 directory
        
        PID:4652
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        64⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        65⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        66⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        67⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        68⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        69⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        70⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        71⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        72⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        73⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        74⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        75⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        76⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        77⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        78⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        79⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        80⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        81⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        82⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        83⤵
        Drops file in System32 directory
        
        PID:4812
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        84⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        85⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        86⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        87⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        88⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        89⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        90⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        91⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        92⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        93⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        94⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        95⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        96⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        97⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        98⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        99⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        100⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        101⤵
        Drops file in System32 directory
        
        PID:4960
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        102⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        103⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        104⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        105⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        106⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        107⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        108⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        109⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        110⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        111⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        112⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        113⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        114⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        115⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        116⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        117⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        118⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        119⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        120⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        121⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        122⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        123⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        124⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        125⤵
        Drops file in System32 directory
        
        PID:5140
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        126⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        127⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        128⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        129⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        130⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        131⤵
        Drops file in System32 directory
        
        PID:5188
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        132⤵
        Drops file in System32 directory
        
        PID:5196
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        133⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        134⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        135⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        136⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        137⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        138⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        139⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        140⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        141⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        142⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        143⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        144⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        145⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        146⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        147⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        148⤵
        Drops file in System32 directory
        
        PID:5324
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        149⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        150⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        151⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        152⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        153⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        154⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        155⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        156⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        157⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        158⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        159⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        160⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        161⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        162⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        163⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        164⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        165⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        166⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        167⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        168⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        169⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        170⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        171⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        172⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        173⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        174⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        175⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        176⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        177⤵
        Drops file in System32 directory
        
        PID:5560
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        178⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        179⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        180⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        181⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        182⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        183⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        184⤵
        Drops file in System32 directory
        
        PID:5620
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        185⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        186⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        187⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        188⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        189⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        190⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        191⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        192⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        193⤵
        Drops file in System32 directory
        
        PID:5692
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        194⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        195⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        196⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        197⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        198⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        199⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        200⤵
        Drops file in System32 directory
        
        PID:5748
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        201⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        202⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        203⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        204⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        205⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        206⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        207⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        208⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        209⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        210⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        211⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        212⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        213⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        214⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        215⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        216⤵
        Drops file in System32 directory
        
        PID:5880
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        217⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        218⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        219⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        220⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        221⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        222⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        223⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        224⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        225⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        226⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        227⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        228⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        229⤵
        Drops file in System32 directory
        
        PID:5984
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        230⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        231⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        232⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        233⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        234⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        235⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        236⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        237⤵
        Drops file in System32 directory
        
        PID:6052
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        238⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        239⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        240⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        241⤵
        Drops file in System32 directory
        
        PID:6084
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        242⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        243⤵
        Drops file in System32 directory
        
        PID:6100
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        244⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        245⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        246⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        247⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        248⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        249⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        250⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        251⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        252⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        253⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        254⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        255⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        256⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        257⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        258⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        259⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        260⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        261⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        262⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        263⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        264⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        265⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        266⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        267⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        268⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        269⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        270⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        271⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        272⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        273⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        274⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        275⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        276⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        277⤵
        Drops file in System32 directory
        
        PID:6364
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        278⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        279⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        280⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        281⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        282⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        283⤵
        Drops file in System32 directory
        
        PID:6416
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        284⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        285⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        286⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        287⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        288⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        289⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        290⤵
        Drops file in System32 directory
        
        PID:6472
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        291⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        292⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        293⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        294⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        295⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        296⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        297⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        298⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        299⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        300⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        301⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        302⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        303⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        304⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        305⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        306⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        307⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        308⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        309⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        310⤵
        Drops file in System32 directory
        
        PID:6644
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        311⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        312⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        313⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        314⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        315⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        316⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        317⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        318⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        319⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        320⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        321⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        322⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        323⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        324⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        325⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        326⤵
        Drops file in System32 directory
        
        PID:6780
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        327⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        328⤵
        Drops file in System32 directory
        
        PID:6796
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        329⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        330⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        331⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        332⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        333⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        334⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        335⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        336⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        337⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        338⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        339⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        340⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        341⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        342⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        343⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\SServer.exe
        
        C:\Windows\system32\SServer.exe
        344⤵
        
        PID:2868

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2172

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2304

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2872

C:\Windows\SysWOW64\SServer.exe
C:\Windows\system32\SServer.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\SServer.exe

Filesize
1KB

MD5
f92e88efac19ddf87540535cc2ddcb96

SHA1
1d03af9c716939f0fcca1ff17093bbaa9e8cba80

SHA256
4c9eadd0c2a998ad5c9a75ca826fdb529c336e074d46565200754733fb3f7c0c

SHA512
12d6d22185432473cc7dd1e43c81b7e019f60c6dc6cc73057d8ae28d3a713787421faa164ce1b198f2a5d77c02ee680905b85b9df96e87c53de4bc7c8ec89430

Download Submit
C:\Windows\SysWOW64\SServer.exe

Filesize
280KB

MD5
6fe4f810fd4f1dbc30b38359e3838c03

SHA1
5c1bd45da403f90bc62f921c86a9da7e75cd0d5e

SHA256
f388161a8c240c81fdef28d1a8688040a5377b01d9b3745e363df5310cbfb188

SHA512
69fe95cbd19d12ba5abb37c7be4c5c4e657ff1c5b2758fa7b403aba7941bc20816698cc3546d692a75f88ff188e4bc2ab29bffe50b3e2fbe8d2225859dea3f07

Download Submit
C:\Windows\SysWOW64\SServer.exe

Filesize
84KB

MD5
d216d4815252d970ea6e7a6d0757b632

SHA1
80b12e5893c0c4fd177d9673f737255b61fbba1b

SHA256
cf80b21e34d28baf2a85d3219f31027b7fe6d7827326f8c4e2714e8cd09a414b

SHA512
5847282dcac0c1a6ae667265a64eb776c7489b72cf63c18f5bc2668f536f79ccb9dedd1b55aae6d4c3870405d5ed787a837510edb837010e181d5ca6161dc20d

Download Submit
C:\Windows\SysWOW64\SServer.exe

Filesize
98KB

MD5
41576ce3c5a4c61f6873434a734a079e

SHA1
77a36fa513721bf441e5ae606bf04b1975817d23

SHA256
ca12c0cf85f4e789ba9aa2aaa6c976ab067aad8722af190675b18ea918132002

SHA512
7bdb4d9be3901298226ce850bbc8c05962e53f6556dd7c79052f077e9e9f2c150640eaf9c07cbc697be4db9e196f250c18510018c5fd04220bd806d650296d7d

Download Submit
C:\Windows\SysWOW64\SServer.exe

Filesize
24KB

MD5
5a015753001758a6ee8adcd35c27514c

SHA1
144dc77598dc19ff918ee7085cc4c70527fa7ac0

SHA256
7e5ba7f36d160cc7ae2274a8489b91152fac2ee0613a0309a146f1aa25e5e046

SHA512
99da21372f5f953110c493574ca7eb3b970124a910763c70a4a1d710dd9b91b02d68fea3219bfd65301c61bb9ef74b2510b6bf40fd5c6c300025f93fb5c210b4

Download Submit
C:\Windows\SysWOW64\SServer.exe

Filesize
40KB

MD5
ed0c10c6daa3ebe95f81d18b42089fc5

SHA1
2c541dc7ae5f582ecbcfddd7da5920b78d61ce67

SHA256
65d113624b8b36b4bda282bf05f20360662be254f8c832749c9825be47920acb

SHA512
5365378042141e8dd2ead2cd54ada1c434d827c3bde68746c6585c9f37f3292f13b7fba3b1fad069430393c4c36e787104faac9b8a3151695582c4a62a611c40

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
46KB

MD5
5a3e23a4ca7aba125a3e4c11909883ee

SHA1
94dd27960b03d8c2e616e56f16fa107bfc867560

SHA256
885d2cbfb55028999a444a22f6fe16601ebc7083ff2b91715e4c6f0f25533d9d

SHA512
e728ff76334cb5caa4542abeeca256b49a8902a0bce6186595dff16a3906aeb17e0646a9f967c8def32fb978993812527cb2fd6eff04f5c51bc5cf0577cbebb6

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
89KB

MD5
ff13d6a692ab56b85b08b27633b074e4

SHA1
8515dfb65e14beea5d45ee248ad3d5dc506813fe

SHA256
9f9e26d65254383f2dd881df08ec91a1977c0f156d9e92bef8800f42de86fba7

SHA512
760e721b853a1808dea8e42728238b5acde31861697628912a02974d04ed54f7922f9e1c525c7a05a2e120bf8183f7c52ae662d8057f0a4ff30ac4beb6ccce0e

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
12KB

MD5
d5c54b4e0b88e50d927f35dd88f7ccd7

SHA1
d996d9fcd34144eb60207b8c8ff577ed06ae728d

SHA256
f7130e853f0588aa68133d3447d1af700cf59442ce672b819a2b04ec391599b3

SHA512
13d45df02f04cecbff1af71b8b5263848694b536bb5a8c95a89e9fd12b2f1c560cc88b1feb28a466ac72dfc505deab584d4a9f20521df6b520a8a617ddcb1eed

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
287KB

MD5
76c2a25d7c8bd45b19e22305d7ae2690

SHA1
01b2aef9ddf8094f3b5c7a6d540401ea99cc1e81

SHA256
d52b4189dccee476da84301edd9b57ed0120fe20d5cb694d927d547f6121c4c6

SHA512
5b3045e5efce0d3d348283a5de2274896be42420aae8d082782243aeb0b473ef919353ce2754b54950430860638ab63fcfa15b2ebd5b5bce79bb921c48e84fbf

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
285KB

MD5
7a9d4eabfd6d696d6f370fc7ec463bd7

SHA1
be606b100ef1b8f13d2a0bc291671841ece5f9fb

SHA256
4e898fbe59607df3339500e80b9281d7517103e6eb238ef4b85b8136466c40fd

SHA512
fe4586c8db9aca7aea95ad7cc33154884e18881938790702f9ad7034b029e59176f54ff26b29afef8e0ceca52b934df34c492ca9aeb0f62d908ec11c5ea5c329

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
157KB

MD5
613955ae416698e1e147c1a0378d7e77

SHA1
ffd00830ddafef17bf702e71e50f33ecb677264d

SHA256
24195a18fb2d07f68a95d2369b650db1f5933d596bafefd674b421c792ea9665

SHA512
cbe80200ebd991e10bd10ece93d4b8ae29466d6c5f1c260d762c6aa735010d8d2a97099abc9c7c15dc3f6f2d4985640bdc1fb1ffb7afc72724ed9ab8af0559bf

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
63KB

MD5
610312d17485d346bd0f34f5002f2d04

SHA1
c1ec1be4de05f5a201c79ddf673e84af38936613

SHA256
12495d6c37674bd61c32caa63407cc6ab1529ac3f93e8668298c3eb7ca476f24

SHA512
762035d42eaba6800dc0353f832587cd5a1352026f74f55ae48d63d007351bade8ecbe0e8c007580c8cbcd28756da226fcb396078e76b1e419ba7b5e52f95059

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
43KB

MD5
9120035c3aca5857537650aee5e5d014

SHA1
528d32b2732c74db358b80c5369769e755d4a0f4

SHA256
79810cd4cfd4787d5a2d6ba86f31c859b11bc70c898bfedf54ca9e926ed4467a

SHA512
db2d552730dd2bbdf56eb72542df2a5f36d76b4733d9093e4b81e8b05b829b33712aeef1d7204795d83e4266056f4557be213bc03e34eb9b36455930dfc2e70d

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
44KB

MD5
738f8555aaa7b24d585ff34f9242dc49

SHA1
95110d4947cc4a4caa757838b90880476af7b5fd

SHA256
2e20d0c7863412d481a70e22d28493851e5ab857cabf5aad49bd467634f79b32

SHA512
b32fe4dda2b661d72b9f9a3407123e00cbfeb93d962493ed31f554283157ced5b6c1ebfb84e0cab11c4f27cf70e7ec93ff1f2bec20865414bf5e211d0187c898

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
10KB

MD5
2638022f4cd6a521fea932c9d302292f

SHA1
fc4b5bcf04c849b0530555ae2e0325533ffe791e

SHA256
f7c5e8c9c99a35e4199ab44a21a29b221b1a304965082103f936e1e640d08558

SHA512
74c0846224c1c753844e974d2414229d5ab2559f1d73b94024a2f154ed881a0ce6778a6d162f3879cfc8e9226f033f7136b45d90215521bb1d5e779b97a1d9e3

Download Submit
\Windows\SysWOW64\SServer.exe

Filesize
56KB

MD5
384a9e317e7486c85b8eca2911b4112b

SHA1
cf7e5fa06770dc581c2847d8aa220279a38b10b1

SHA256
97cce5a50abdfbc8413bc0cff4e70669d8bc771d6dc98a5f9a0638c6614133e9

SHA512
5f4c86fd4d10b1329b5cfa465cad6d7b2a4c3da4719e019b8e3190584f334c1e4d584542cda423aef5538f607f25f08d202f7196b6794f1d5f9a2533b8b44b02

Download Submit
memory/112-229-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/612-228-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/656-225-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/680-125-0x0000000002030000-0x00000000020F7000-memory.dmp

Filesize
796KB

Download
memory/680-92-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/680-95-0x0000000002030000-0x00000000020F7000-memory.dmp

Filesize
796KB

Download
memory/680-195-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/844-231-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/896-203-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/920-102-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/920-198-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/920-129-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/920-106-0x0000000001FD0000-0x0000000002097000-memory.dmp

Filesize
796KB

Download
memory/960-239-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1084-233-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1088-235-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1108-243-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1160-230-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1212-240-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1216-242-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1268-213-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1304-211-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1376-210-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1484-131-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1484-114-0x0000000002BC0000-0x0000000002C87000-memory.dmp

Filesize
796KB

Download
memory/1484-113-0x0000000002BC0000-0x0000000002C87000-memory.dmp

Filesize
796KB

Download
memory/1484-112-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1484-186-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1560-234-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1660-207-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1668-224-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1672-43-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1672-181-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1672-39-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1672-0-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1672-4-0x0000000001F80000-0x0000000002047000-memory.dmp

Filesize
796KB

Download
memory/1672-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1752-209-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1764-215-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1780-238-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1812-227-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1876-205-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1908-204-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1912-244-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1940-194-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1940-76-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1940-81-0x0000000001FD0000-0x0000000002097000-memory.dmp

Filesize
796KB

Download
memory/1940-79-0x0000000001FD0000-0x0000000002097000-memory.dmp

Filesize
796KB

Download
memory/1964-236-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1972-57-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1972-51-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/1972-189-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2036-237-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2092-218-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2136-214-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2140-217-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2148-222-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2152-241-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2172-201-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2184-208-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2280-226-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2304-202-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2304-124-0x0000000002090000-0x0000000002157000-memory.dmp

Filesize
796KB

Download
memory/2304-119-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2304-122-0x0000000002090000-0x0000000002157000-memory.dmp

Filesize
796KB

Download
memory/2400-219-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2404-212-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2424-220-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2428-16-0x0000000002C60000-0x0000000002D27000-memory.dmp

Filesize
796KB

Download
memory/2428-17-0x0000000002C60000-0x0000000002D27000-memory.dmp

Filesize
796KB

Download
memory/2428-11-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2428-182-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2428-23-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2428-54-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2448-232-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2460-216-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2496-206-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2548-75-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2548-193-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2548-86-0x0000000002040000-0x0000000002107000-memory.dmp

Filesize
796KB

Download
memory/2548-89-0x0000000002040000-0x0000000002107000-memory.dmp

Filesize
796KB

Download
memory/2624-63-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2624-66-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2624-188-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2660-221-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2664-130-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2664-199-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2664-107-0x00000000020E0000-0x00000000021A7000-memory.dmp

Filesize
796KB

Download
memory/2664-110-0x00000000020E0000-0x00000000021A7000-memory.dmp

Filesize
796KB

Download
memory/2720-26-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2720-185-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2720-22-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2720-71-0x0000000002C50000-0x0000000002D17000-memory.dmp

Filesize
796KB

Download
memory/2720-60-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2752-46-0x0000000001FA0000-0x0000000002067000-memory.dmp

Filesize
796KB

Download
memory/2752-190-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2752-128-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2752-41-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2752-45-0x0000000001FA0000-0x0000000002067000-memory.dmp

Filesize
796KB

Download
memory/2788-56-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2788-24-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2788-183-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2788-19-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2800-184-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2800-67-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2800-29-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2800-33-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2808-196-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2808-96-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2808-99-0x00000000004D0000-0x0000000000597000-memory.dmp

Filesize
796KB

Download
memory/2808-126-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2872-197-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2872-101-0x0000000002D10000-0x0000000002DD7000-memory.dmp

Filesize
796KB

Download
memory/2872-127-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2900-118-0x0000000002CA0000-0x0000000002D67000-memory.dmp

Filesize
796KB

Download
memory/2900-200-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2900-132-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2936-35-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2936-84-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2936-34-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2936-187-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2960-223-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/3020-65-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/3020-192-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/3060-47-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/3060-52-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3060-53-0x0000000001FA0000-0x0000000002067000-memory.dmp

Filesize
796KB

Download
memory/3060-191-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads