Malware Analysis Report

2024-11-13 18:40

Sample ID 240712-jvy9ksxckg
Target 3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118
SHA256 b279d7dd09e64a68a420dd5318216414e69fd4b8e01fbc76f0e9ead5b5e7661d
Tags
xtremerat persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b279d7dd09e64a68a420dd5318216414e69fd4b8e01fbc76f0e9ead5b5e7661d

Threat Level: Known bad

The file 3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

UPX packed file

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-12 08:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-12 08:00

Reported

2024-07-12 08:02

Platform

win7-20240705-en

Max time kernel

145s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2392 set thread context of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2328 set thread context of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1852 set thread context of 2640 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3032 set thread context of 2516 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1808 set thread context of 2004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 700 set thread context of 1644 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2588 set thread context of 3004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1332 set thread context of 1948 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2720 set thread context of 2240 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2232 set thread context of 2324 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2112 set thread context of 2824 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2396 set thread context of 1852 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1244 set thread context of 2904 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2004 set thread context of 700 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1692 set thread context of 2484 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2292 set thread context of 1272 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1308 set thread context of 2724 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2544 set thread context of 3048 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2912 set thread context of 532 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1336 set thread context of 3012 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2864 set thread context of 2692 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1808 set thread context of 1768 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1000 set thread context of 2848 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1620 set thread context of 1956 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2260 set thread context of 2004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3088 set thread context of 3104 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3236 set thread context of 3252 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 2392 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 1624 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1008 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1624 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1624 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1624 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1624 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2328 wrote to memory of 2844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2844 wrote to memory of 2868 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2844 wrote to memory of 2868 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2844 wrote to memory of 2868 N/A C:\Windows\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

Network

N/A

Files

memory/1624-2-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2392-4-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1624-7-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1624-6-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1624-5-0x0000000000C80000-0x0000000000C96000-memory.dmp

\Windows\InstallDir\Server.exe

MD5 3c93a29dc5ae17508ba1dec4a4e0903b
SHA1 02c7f2bab68166565073570bce4a7d84f8bbe3de
SHA256 b279d7dd09e64a68a420dd5318216414e69fd4b8e01fbc76f0e9ead5b5e7661d
SHA512 dd278161f6a5452a50eab5fc66f43cb9f0fd1e62da101f3e6dd2022cb4c8222634d434892821ef3d2f2baddb5cae0122666eb5b5d0304bcaa655173d30cf5dbd

memory/1624-18-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2328-29-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2844-30-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 e9f404227c2512a3d8cc066b1e3f13e2
SHA1 ed177f8c44c7680c8cad83b9a387a1ad7b43577b
SHA256 4facff17bd4dfb6b9f5aa0f3a4acb391ea12dbf13812008d3384964b375c403f
SHA512 62d837adee09f9690e2fa1c3777a137a4aa7d4db1b17c570fb859f7be4aa51f0c8c7d806b4df3697ffb35fd04771c7b0e0c6b501d204347fde5e91d61d3f85a1

memory/2844-35-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1852-42-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2640-44-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2640-47-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3032-52-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1808-64-0x0000000000400000-0x000000000045E000-memory.dmp

memory/700-71-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2588-81-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1332-90-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2720-101-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2232-109-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2324-112-0x0000000077100000-0x00000000771FA000-memory.dmp

memory/2324-111-0x0000000077200000-0x000000007731F000-memory.dmp

memory/2112-119-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2396-129-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1244-138-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2004-146-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1692-155-0x0000000000400000-0x000000000045E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-12 08:00

Reported

2024-07-12 08:02

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 464 set thread context of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 4684 set thread context of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1436 set thread context of 3872 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1408 set thread context of 3264 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4884 set thread context of 3124 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4928 set thread context of 3400 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3416 set thread context of 4352 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2384 set thread context of 4008 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1952 set thread context of 3836 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4736 set thread context of 2620 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2940 set thread context of 1424 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3828 set thread context of 4856 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4512 set thread context of 2592 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4352 set thread context of 548 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5116 set thread context of 1120 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2520 set thread context of 4160 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3044 set thread context of 3284 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2632 set thread context of 3460 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4744 set thread context of 5032 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3644 set thread context of 4820 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1388 set thread context of 3292 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1064 set thread context of 2384 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4292 set thread context of 4004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 448 set thread context of 4112 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1920 set thread context of 396 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 180 set thread context of 1120 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4980 set thread context of 448 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4580 set thread context of 4692 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4408 set thread context of 3292 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 464 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe
PID 1952 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1952 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1952 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1952 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4684 wrote to memory of 4604 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4604 wrote to memory of 1444 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1444 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1444 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2240 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2240 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2240 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2548 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2548 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 2548 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1740 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1740 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1740 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 4688 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 4688 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 4688 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1780 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1780 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1780 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1928 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1928 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1928 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 452 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3c93a29dc5ae17508ba1dec4a4e0903b_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

C:\Windows\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 20.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/1952-2-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/464-4-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1952-5-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1952-6-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1952-7-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Windows\InstallDir\Server.exe

MD5 3c93a29dc5ae17508ba1dec4a4e0903b
SHA1 02c7f2bab68166565073570bce4a7d84f8bbe3de
SHA256 b279d7dd09e64a68a420dd5318216414e69fd4b8e01fbc76f0e9ead5b5e7661d
SHA512 dd278161f6a5452a50eab5fc66f43cb9f0fd1e62da101f3e6dd2022cb4c8222634d434892821ef3d2f2baddb5cae0122666eb5b5d0304bcaa655173d30cf5dbd

memory/1952-21-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4604-30-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4604-29-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4604-28-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4684-27-0x0000000000400000-0x000000000045E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 e9f404227c2512a3d8cc066b1e3f13e2
SHA1 ed177f8c44c7680c8cad83b9a387a1ad7b43577b
SHA256 4facff17bd4dfb6b9f5aa0f3a4acb391ea12dbf13812008d3384964b375c403f
SHA512 62d837adee09f9690e2fa1c3777a137a4aa7d4db1b17c570fb859f7be4aa51f0c8c7d806b4df3697ffb35fd04771c7b0e0c6b501d204347fde5e91d61d3f85a1

memory/4604-35-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3872-40-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3872-41-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1436-42-0x0000000000400000-0x000000000045E000-memory.dmp

memory/3264-52-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3264-51-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1408-53-0x0000000000400000-0x000000000045E000-memory.dmp

memory/4884-62-0x0000000000400000-0x000000000045E000-memory.dmp

memory/3400-73-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3400-74-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4928-75-0x0000000000400000-0x000000000045E000-memory.dmp

memory/4352-84-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4352-85-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3416-86-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2384-95-0x0000000000400000-0x000000000045E000-memory.dmp

memory/1952-108-0x0000000000400000-0x000000000045E000-memory.dmp

memory/4736-117-0x0000000000400000-0x000000000045E000-memory.dmp

memory/2620-118-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2620-119-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2940-129-0x0000000000400000-0x000000000045E000-memory.dmp

memory/3828-139-0x0000000000400000-0x000000000045E000-memory.dmp

memory/4512-150-0x0000000000400000-0x000000000045E000-memory.dmp

memory/4352-161-0x0000000000400000-0x000000000045E000-memory.dmp

memory/548-162-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/548-163-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5116-172-0x0000000000400000-0x000000000045E000-memory.dmp