Malware Analysis Report

2024-12-07 21:20

Sample ID 240206-znevcshfbq
Target VirusShare_bc72274585ff9549654da9d1f45b0402
SHA256 29634d3894aa2d207c029ef97ef5185753e695c92ad763b5f49c34ea1dc9999a
Tags
xtremerat persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis Overview

score
10/10

SHA256

29634d3894aa2d207c029ef97ef5185753e695c92ad763b5f49c34ea1dc9999a

Threat Level: Known bad

The file VirusShare_bc72274585ff9549654da9d1f45b0402 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

Detect XtremeRAT payload

XtremeRAT

UPX dump on OEP (original entry point)

Modifies Installed Components in the registry

Checks computer location settings

Loads dropped DLL

UPX packed file

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 20:51

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 20:51

Reported

2024-02-06 20:54

Platform

win7-20231129-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

UPX dump on OEP (original entry point)


Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2216 set thread context of 2364 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe
PID 2724 set thread context of 2488 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1728 set thread context of 1836 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2780 set thread context of 1436 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2340 set thread context of 596 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 412 set thread context of 2868 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 812 set thread context of 592 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1212 set thread context of 1596 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2596 set thread context of 2684 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 set thread context of 1728 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2896 set thread context of 1156 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1740 set thread context of 2404 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 732 set thread context of 1120 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1700 set thread context of 2632 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1968 set thread context of 1728 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 276 set thread context of 1096 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2344 set thread context of 1112 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1900 set thread context of 1844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 588 set thread context of 608 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2352 set thread context of 2380 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2420 set thread context of 2716 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 412 set thread context of 1156 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1308 set thread context of 2792 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3052 set thread context of 2012 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 412 set thread context of 716 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1448 set thread context of 2012 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3096 set thread context of 3132 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3296 set thread context of 3328 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3496 set thread context of 3532 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3684 set thread context of 3720 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2216 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe
PID 2364 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2364 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Windows\InstallDir\Server.exe
PID 2724 wrote to memory of 2488 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2488 wrote to memory of 2536 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

C:\Windows\InstallDir\Server.exe

\??\c:\users\admin\appdata\local\temp\00000000

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3470981204-343661084-3367201002-1000\88603cb2913a7df3fbd16b5f958e6447_5bdc9f80-eb58-42dc-b2cb-c7f4cc7ae5f6

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 20:51

Reported

2024-02-06 20:54

Platform

win10v2004-20231215-en

Max time kernel

151s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4316 set thread context of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe
PID 260 set thread context of 3484 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4452 set thread context of 4720 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3064 set thread context of 4612 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4108 set thread context of 4788 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2908 set thread context of 2724 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2108 set thread context of 1336 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 848 set thread context of 2012 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4360 set thread context of 628 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3064 set thread context of 1924 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1392 set thread context of 2052 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1448 set thread context of 3372 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3876 set thread context of 3596 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1388 set thread context of 2324 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3092 set thread context of 1400 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5028 set thread context of 1352 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 228 set thread context of 2336 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 680 set thread context of 3972 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1364 set thread context of 3092 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4924 set thread context of 4508 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3312 set thread context of 1784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2928 set thread context of 4596 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2848 set thread context of 924 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3976 set thread context of 3704 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2220 set thread context of 1784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4748 set thread context of 3756 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4316 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe
PID 2700 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 4724 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2700 wrote to memory of 260 N/A C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe C:\Windows\InstallDir\Server.exe
PID 260 wrote to memory of 3484 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3484 wrote to memory of 4124 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2136 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 3948 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 3548 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 876 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 224 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 2360 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3484 wrote to memory of 3232 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe

"C:\Users\Admin\AppData\Local\Temp\VirusShare_bc72274585ff9549654da9d1f45b0402.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 211.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 76.246.100.95.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 28.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

C:\Windows\InstallDir\Server.exe

MD5 bc72274585ff9549654da9d1f45b0402
SHA1 18319e9a32890543a89356c409a9fbf706ad9c6b
SHA256 29634d3894aa2d207c029ef97ef5185753e695c92ad763b5f49c34ea1dc9999a
SHA512 0270550bb3bfc4328e987529802b62ac324c32a92c4618484461e7ec528615ff42a075586a7234cda21cb0851b96aae46d7dd42e504f8fbdd8cba0231ac0618d

\??\c:\users\admin\appdata\local\temp\00000000

MD5 dfba56ed457ed0ba57d5f33436e6918b
SHA1 865f135a88d13fd8a506e891e08445acab3c4d40
SHA256 fdff5ced70933a01b1946f552e6a7e020e21176d711b12e4831bc7f9dff1cbb7
SHA512 19d588a604caf2bb77690abbb54ed3846ecee974c69c90ef1dcdf677a85edd0967c98031d5f1cd35a16a4aecc6f220716f9fa280f963e5636ced35daafa127ac

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-635608581-3370340891-292606865-1000\88603cb2913a7df3fbd16b5f958e6447_b2023514-58f3-4766-b3bc-d155e44dc37d

MD5 5fc2ac2a310f49c14d195230b91a8885
SHA1 90855cc11136ba31758fe33b5cf9571f9a104879
SHA256 374e0e2897a7a82e0e44794cad89df0f3cdd7703886239c1fe06d625efd48092
SHA512 ab46554df9174b9fe9beba50a640f67534c3812f64d96a1fb8adfdc136dfe730ca2370825cd45b7f87a544d6a58dd868cb5a3a7f42e2789f6d679dbc0fdd52c3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 8d09ba1f64e685b3b24e3a5e4896c827
SHA1 d83838727fcb575e45ffb2b801d6320d4bca9a8a
SHA256 735cbf4f6b47057b0de648b8cae58936868ba98184d54d11405a0fb27ac64877
SHA512 c358358079bf72a50c0dfe8e5edb1d727339eb1066dbb6cf99c1b827dead8e295edbeb6dde5ea1dab865e736a6c93afbbc73b5a15bce1b35b51d0541c40ac394

\??\c:\users\admin\appdata\local\temp\00000000

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
