Malware Analysis Report

2024-12-07 21:54

Sample ID 240716-te5rjazeqk
Target 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118
SHA256 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c
Tags xtremerat persistence rat spyware
Score 10/10

Analysis Overview

Score 10/10

SHA256 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c

Threat Level: Known bad

The file 4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-16 15:59

Signatures

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-16 15:59

Reported

2024-07-16 16:01

Platform

win7-20240708-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E} C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E} C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2308 set thread context of 1972 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
PID 2244 set thread context of 2904 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2772 set thread context of 2748 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2872 set thread context of 1928 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2724 set thread context of 3008 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2436 set thread context of 2404 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 304 set thread context of 1664 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1324 set thread context of 1856 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 844 set thread context of 924 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1556 set thread context of 2168 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1708 set thread context of 1620 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2244 set thread context of 2908 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2656 set thread context of 3000 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 536 set thread context of 2332 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2292 set thread context of 2004 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1856 set thread context of 844 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1960 set thread context of 1568 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2912 set thread context of 2976 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2516 set thread context of 2456 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 320 set thread context of 2300 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2384 set thread context of 1708 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2908 set thread context of 800 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1856 set thread context of 2536 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2436 set thread context of 2908 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2976 set thread context of 2760 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3076 set thread context of 3092 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3212 set thread context of 3228 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3352 set thread context of 3368 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3484 set thread context of 3500 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3616 set thread context of 3632 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3752 set thread context of 3768 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3888 set thread context of 3904 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2308 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
PID 1972 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2076 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1972 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 2244 wrote to memory of 2904 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

Network

N/A

Files

memory/1972-2-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/1972-4-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/1972-5-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/1972-3-0x0000000000C80000-0x0000000000C92000-memory.dmp

\Windows\InstallDir\Server.exe

MD5 4f09d8eea84b81f08d82e722f7237cbe
SHA1 b5473864be8beed605a2bfc7ae2ad79e3bf03de6
SHA256 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c
SHA512 557a33fb494e8c7656713141df5dc05088e620b5a0f7e28087ad34be65f139ebce27977331904d3ccb1f565221888a8b6381f0b10b848e680d95be3e1fc8fbde

memory/1972-16-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/2904-26-0x0000000000C80000-0x0000000000C92000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 2d91270d80f6fb13c213aea45ba940f6
SHA1 0f4fb4f7770aa1ff333759efa51e4faf4ada10bf
SHA256 c3006d074188e589ccee0db74ecfd848a26457bbddbf4cca4f03a58a3c25f421
SHA512 e75e359e3363d751a96fb69e5777b0c7284eeb787267f98474f0edd66e246727b2614b9a7b5ed90046b3797a5e12cf0ad8238465ae6d9d4a98c77d19d0aa4763

memory/2904-28-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/2748-36-0x0000000000C80000-0x0000000000C92000-memory.dmp

memory/2748-39-0x0000000000C80000-0x0000000000C92000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-16 15:59

Reported

2024-07-16 16:01

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E} C:\Windows\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E} C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C56A6OR0-WV4M-PO7N-3PBM-8KBG8083512E}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Windows\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1492 set thread context of 2516 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
PID 1704 set thread context of 780 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 864 set thread context of 2320 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4572 set thread context of 4336 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1452 set thread context of 4416 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 748 set thread context of 3244 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2348 set thread context of 2324 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4960 set thread context of 5000 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 940 set thread context of 2660 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2572 set thread context of 1908 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 416 set thread context of 748 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2348 set thread context of 3048 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1572 set thread context of 1320 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2396 set thread context of 2620 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1152 set thread context of 2656 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 416 set thread context of 4788 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4424 set thread context of 4856 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3900 set thread context of 4028 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4924 set thread context of 860 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 2288 set thread context of 2724 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3756 set thread context of 2256 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5012 set thread context of 936 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4484 set thread context of 3560 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 772 set thread context of 2160 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 1156 set thread context of 1468 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 4300 set thread context of 4748 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 3380 set thread context of 1912 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5204 set thread context of 5228 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5436 set thread context of 5460 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5792 set thread context of 5816 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 5952 set thread context of 5980 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe N/A
N/A N/A C:\Windows\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1492 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe
PID 2516 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2516 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe C:\Windows\InstallDir\Server.exe
PID 1704 wrote to memory of 780 N/A C:\Windows\InstallDir\Server.exe C:\Windows\InstallDir\Server.exe
PID 780 wrote to memory of 220 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 3880 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 844 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 780 wrote to memory of 5104 N/A C:\Windows\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\4f09d8eea84b81f08d82e722f7237cbe_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\Server.exe

"C:\Windows\InstallDir\Server.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

C:\Windows\InstallDir\Server.exe

MD5 4f09d8eea84b81f08d82e722f7237cbe
SHA1 b5473864be8beed605a2bfc7ae2ad79e3bf03de6
SHA256 2c0052e5cb2894de425b269a7057a78512ca4ae95901a5a05f2cd990fb96708c
SHA512 557a33fb494e8c7656713141df5dc05088e620b5a0f7e28087ad34be65f139ebce27977331904d3ccb1f565221888a8b6381f0b10b848e680d95be3e1fc8fbde

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 2d91270d80f6fb13c213aea45ba940f6
SHA1 0f4fb4f7770aa1ff333759efa51e4faf4ada10bf
SHA256 c3006d074188e589ccee0db74ecfd848a26457bbddbf4cca4f03a58a3c25f421
SHA512 e75e359e3363d751a96fb69e5777b0c7284eeb787267f98474f0edd66e246727b2614b9a7b5ed90046b3797a5e12cf0ad8238465ae6d9d4a98c77d19d0aa4763
