Malware Analysis Report

2025-01-02 02:48

Sample ID 240717-rf9e1atgll
Target 5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118
SHA256 636b5de6c26209dffb13c6ae0cb3f8cce92b3a734a7f4a0f64eb71236a323ccf
Tags upx xtremerat persistence rat spyware
Score 10/10

Analysis Overview

score
10/10

SHA256

636b5de6c26209dffb13c6ae0cb3f8cce92b3a734a7f4a0f64eb71236a323ccf

Threat Level: Known bad

The file 5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx xtremerat persistence rat spyware

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

UPX packed file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Suspicious use of SetThreadContext

Drops file in System32 directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-17 14:09

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-07-17 14:09

Reported

2024-07-17 14:11

Platform

win7-20240705-en

Max time kernel

149s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload


XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\SysWOW64\\windows\\Server.exe restart" C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Windows\SysWOW64\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\windows\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\windows\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A

UPX packed file

upx

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\windows\ C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\ C:\Windows\SysWOW64\windows\Server.exe N/A
File created C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe N/A
File created C:\Windows\SysWOW64\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\ C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2096 set thread context of 2712 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe
PID 2852 set thread context of 2632 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2072 set thread context of 1956 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1232 set thread context of 2940 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1784 set thread context of 2388 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2384 set thread context of 1136 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 276 set thread context of 1480 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3064 set thread context of 2180 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 2212 set thread context of 1000 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1532 set thread context of 880 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2572 set thread context of 2624 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1912 set thread context of 2124 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 2812 set thread context of 3012 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1352 set thread context of 2476 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1928 set thread context of 1356 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1480 set thread context of 2304 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1740 set thread context of 2832 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3028 set thread context of 2712 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 2120 set thread context of 2424 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2768 set thread context of 2124 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1988 set thread context of 1048 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1608 set thread context of 1532 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1020 set thread context of 2012 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1884 set thread context of 1452 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1084 set thread context of 696 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1612 set thread context of 1748 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 880 set thread context of 1608 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 1912 set thread context of 1020 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3036 set thread context of 1052 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2396 set thread context of 1372 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3132 set thread context of 3152 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3252 set thread context of 3276 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3344 set thread context of 3372 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3500 set thread context of 3516 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3620 set thread context of 3644 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3680 set thread context of 3716 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3860 set thread context of 3880 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 4008 set thread context of 4024 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4056 set thread context of 4072 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3312 set thread context of 3328 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3460 set thread context of 3156 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3536 set thread context of 3652 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3732 set thread context of 3856 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1648 set thread context of 1496 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3196 set thread context of 3112 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3532 set thread context of 3640 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3152 set thread context of 1648 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 4072 set thread context of 3876 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1052 set thread context of 3312 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 3704 set thread context of 3908 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 3856 set thread context of 3888 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 1648 set thread context of 3676 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4272 set thread context of 4300 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 4332 set thread context of 4356 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 4460 set thread context of 4484 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4668 set thread context of 4692 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4788 set thread context of 4828 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4796 set thread context of 4852 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 5100 set thread context of 2284 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 5092 set thread context of 4108 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe
PID 4320 set thread context of 4324 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4632 set thread context of 4652 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4752 set thread context of 4768 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 4732 set thread context of 4872 N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\windows\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2096 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe
PID 2712 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 2712 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2712 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2852 wrote to memory of 2632 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

C:\Windows\SysWOW64\windows\Server.exe

MD5 5352d2f8ae61a3d1e25915d0bf9ae0f3
SHA1 bb3645d3ab000883698684bb0069151e25cfec21
SHA256 636b5de6c26209dffb13c6ae0cb3f8cce92b3a734a7f4a0f64eb71236a323ccf
SHA512 b6bfe4e79047b4bc57f6c4acf3b2c2ef916c286b24119414b09f3dbc7d4e81ffd0a69ab176a6d2a3524a63faee316eac093c60a6c4ca1225723eb2e3cd7b89ab

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DEfmJX.cfg

MD5 651c77f67dfeb3aa6be44939a4e03f43
SHA1 99cf486e4df61ec9cacc5300d834bc7c163519a4
SHA256 e29c5a8a737c184f9d0f5a0ff09213bee4c296d59c37d733be4dd5f762dd9b88
SHA512 e358afa0e1afe1162dc35a5bfb3f600ee2a02709ce20dcfaa2b7b147f98acfb40a9b134c29ffae83686385ebc7cb0e1fff28f033a7f60a5199b6c540469a441f

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-17 14:09

Reported

2024-07-17 14:11

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\SysWOW64\\windows\\Server.exe restart" C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Windows\SysWOW64\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Windows\SysWOW64\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY} C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\SysWOW64\\windows\\Server.exe restart" C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Windows\SysWOW64\windows\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Windows\\system32\\windows\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{YFTDSD7Q-MRI3-AKC4-S245-Q4G56TVM36MY}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\windows\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\windows\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\windows\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\windows\ C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File created C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\ C:\Windows\SysWOW64\windows\Server.exe N/A
File created C:\Windows\SysWOW64\windows\Server.exe C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4752 set thread context of 876 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe
PID 2940 set thread context of 2432 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\windows\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\svchost.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\windows\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\windows\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe
PID 876 wrote to memory of 3252 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 876 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1468 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2940 wrote to memory of 2432 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\windows\Server.exe
PID 2432 wrote to memory of 3828 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Windows\SysWOW64\svchost.exe
PID 2432 wrote to memory of 2372 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2432 wrote to memory of 4612 N/A C:\Windows\SysWOW64\windows\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5352d2f8ae61a3d1e25915d0bf9ae0f3_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\SysWOW64\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

"C:\Users\Admin\AppData\Roaming\windows\Server.exe"

C:\Users\Admin\AppData\Roaming\windows\Server.exe

C:\Windows\SysWOW64\windows\Server.exe

"C:\Windows\system32\windows\Server.exe"

C:\Windows\SysWOW64\windows\Server.exe

Network

Files

C:\Windows\SysWOW64\windows\Server.exe

MD5 5352d2f8ae61a3d1e25915d0bf9ae0f3
SHA1 bb3645d3ab000883698684bb0069151e25cfec21
SHA256 636b5de6c26209dffb13c6ae0cb3f8cce92b3a734a7f4a0f64eb71236a323ccf
SHA512 b6bfe4e79047b4bc57f6c4acf3b2c2ef916c286b24119414b09f3dbc7d4e81ffd0a69ab176a6d2a3524a63faee316eac093c60a6c4ca1225723eb2e3cd7b89ab

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DEfmJX.cfg

MD5 651c77f67dfeb3aa6be44939a4e03f43
SHA1 99cf486e4df61ec9cacc5300d834bc7c163519a4
SHA256 e29c5a8a737c184f9d0f5a0ff09213bee4c296d59c37d733be4dd5f762dd9b88
SHA512 e358afa0e1afe1162dc35a5bfb3f600ee2a02709ce20dcfaa2b7b147f98acfb40a9b134c29ffae83686385ebc7cb0e1fff28f033a7f60a5199b6c540469a441f


memory/1920-862-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5908-870-0x0000000000400000-0x0000000000438000-memory.dmp

memory/7104-878-0x0000000000400000-0x0000000000438000-memory.dmp

memory/6396-886-0x0000000000400000-0x0000000000438000-memory.dmp

memory/5900-894-0x0000000000400000-0x0000000000438000-memory.dmp

memory/6204-902-0x0000000000400000-0x0000000000438000-memory.dmp

memory/6396-910-0x0000000000400000-0x0000000000438000-memory.dmp

memory/7136-918-0x0000000000400000-0x0000000000438000-memory.dmp

memory/6536-924-0x0000000000400000-0x0000000000438000-memory.dmp

memory/7288-986-0x0000000000400000-0x0000000000438000-memory.dmp

memory/7372-1002-0x0000000000400000-0x0000000000438000-memory.dmp