Malware Analysis Report

2024-11-13 18:41

Sample ID 240712-c6td5sxgjg
Target 3bb38c266843a889e14fd76f676a26fd_JaffaCakes118
SHA256 37168e4f1837baf9eb5101b2d4718fa342cbf3a8b3d1eb3f1d69f5a03cc2ed4e
Tags
xtremerat persistence rat spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

37168e4f1837baf9eb5101b2d4718fa342cbf3a8b3d1eb3f1d69f5a03cc2ed4e

Threat Level: Known bad

The file 3bb38c266843a889e14fd76f676a26fd_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Executes dropped EXE

Deletes itself

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-12 02:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-12 02:41

Reported

2024-07-12 02:44

Platform

win7-20240704-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2416 set thread context of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2144 set thread context of 2784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1060 set thread context of 112 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1512 set thread context of 1116 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2448 set thread context of 2476 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2252 set thread context of 1916 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 680 set thread context of 1992 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 304 set thread context of 2752 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2864 set thread context of 2716 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1872 set thread context of 1120 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2292 set thread context of 1132 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2044 set thread context of 904 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2756 set thread context of 2604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1480 set thread context of 2700 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2576 set thread context of 2292 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1768 set thread context of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1988 set thread context of 2792 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2464 set thread context of 1620 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2932 set thread context of 1656 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2312 set thread context of 1460 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2052 set thread context of 2760 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 380 set thread context of 944 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2476 set thread context of 448 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 380 set thread context of 888 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1620 set thread context of 3092 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3284 set thread context of 3304 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3500 set thread context of 3520 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3708 set thread context of 3728 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3920 set thread context of 3940 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 888 set thread context of 3108 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3360 set thread context of 3252 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 2416 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 1656 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1656 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1656 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1656 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1656 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 1656 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1656 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1656 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1656 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1656 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 2144 wrote to memory of 2784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2144 wrote to memory of 2784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2144 wrote to memory of 2784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2144 wrote to memory of 2784 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/1656-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/1656-11-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-13-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-8-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-7-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-6-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-5-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-4-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-3-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-12-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-2-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/1656-14-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2364-23-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Windows\InstallDir\Server.exe

MD5 3bb38c266843a889e14fd76f676a26fd
SHA1 5053896544cc2d62649c264c1281911aa95b73fa
SHA256 37168e4f1837baf9eb5101b2d4718fa342cbf3a8b3d1eb3f1d69f5a03cc2ed4e
SHA512 76d306664a1e7e7782aaf48a0a3c62bd65aa2c55fa110b955b5b3873a49ff458be9dd6639f21f3e00dda82406e5dec1c8d8902fe62da2557c45123ebb8026265

memory/1656-32-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 903866f97d6967ec7510d69ebea614f8
SHA1 13902d8dd6cfe6ffc1cbe6c8b004e38d42a1056d
SHA256 a469cb9c285477caf6b77549d99aff1c1d85204ad4caa1eaaf8172666789646a
SHA512 8ceffeb3f5de24856f8aa4be0ce2c903356a288c3cbe10083e5655a69dfd10fb87072bb8b2c4632dfad1845092facaa0846849073401cede4fdc8f45a8fb053d

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-12 02:41

Reported

2024-07-12 02:44

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4644 set thread context of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4848 set thread context of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 408 set thread context of 4576 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1244 set thread context of 2004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4112 set thread context of 392 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1388 set thread context of 2124 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1480 set thread context of 4460 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 720 set thread context of 412 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 904 set thread context of 1148 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3828 set thread context of 3692 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 8 set thread context of 3916 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3804 set thread context of 3108 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4076 set thread context of 4984 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3832 set thread context of 1724 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4924 set thread context of 4176 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2072 set thread context of 3740 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4364 set thread context of 3052 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4128 set thread context of 2512 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4708 set thread context of 2136 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3712 set thread context of 1900 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3944 set thread context of 3828 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2376 set thread context of 1512 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1400 set thread context of 740 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2752 set thread context of 4960 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4580 set thread context of 696 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4708 set thread context of 5024 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3676 set thread context of 2088 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4728 set thread context of 5036 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe N/A
File opened for modification C:\Windows\InstallDir\ C:\Windows\InstallDir\Server.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4644 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe
PID 4920 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4920 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4920 wrote to memory of 512 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\SysWOW64\explorer.exe
PID 4920 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 4920 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 4920 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4848 wrote to memory of 3732 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3732 wrote to memory of 2084 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2084 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2084 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2344 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2344 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2344 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2304 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2304 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3732 wrote to memory of 2304 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3bb38c266843a889e14fd76f676a26fd_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp

Files

memory/4920-2-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4920-3-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4920-4-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4920-5-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Windows\InstallDir\Server.exe

MD5 3bb38c266843a889e14fd76f676a26fd
SHA1 5053896544cc2d62649c264c1281911aa95b73fa
SHA256 37168e4f1837baf9eb5101b2d4718fa342cbf3a8b3d1eb3f1d69f5a03cc2ed4e
SHA512 76d306664a1e7e7782aaf48a0a3c62bd65aa2c55fa110b955b5b3873a49ff458be9dd6639f21f3e00dda82406e5dec1c8d8902fe62da2557c45123ebb8026265

memory/4920-70-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3732-76-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/3732-77-0x0000000000C80000-0x0000000000C93000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 903866f97d6967ec7510d69ebea614f8
SHA1 13902d8dd6cfe6ffc1cbe6c8b004e38d42a1056d
SHA256 a469cb9c285477caf6b77549d99aff1c1d85204ad4caa1eaaf8172666789646a
SHA512 8ceffeb3f5de24856f8aa4be0ce2c903356a288c3cbe10083e5655a69dfd10fb87072bb8b2c4632dfad1845092facaa0846849073401cede4fdc8f45a8fb053d

memory/3732-82-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4576-87-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/2004-96-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/392-105-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/412-132-0x0000000000C80000-0x0000000000C93000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1724-184-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/4176-192-0x0000000000C80000-0x0000000000C93000-memory.dmp

memory/5024-270-0x0000000000C80000-0x0000000000C93000-memory.dmp