Malware Analysis Report

2025-01-02 02:46

Sample ID 240719-jwmbeazgpm
Target 5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118
SHA256 ed77777ed5be480b190e86aa7825db1f4b1ec2c2b38d06da11ec49f4b8776cea
Tags
xtremerat persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ed77777ed5be480b190e86aa7825db1f4b1ec2c2b38d06da11ec49f4b8776cea

Threat Level: Known bad

The file 5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

XtremeRAT

Detect XtremeRAT payload

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 08:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 08:01

Reported

2024-07-19 08:03

Platform

win7-20240704-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\server.exe restart" C:\Windows\InstallDir\server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\server.exe restart" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\server.exe" C:\Windows\InstallDir\server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\server.exe" C:\Windows\InstallDir\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\server.exe" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\server.exe" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2072 set thread context of 2164 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe
PID 2904 set thread context of 2584 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 624 set thread context of 2576 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1784 set thread context of 568 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2196 set thread context of 1988 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1512 set thread context of 1352 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2240 set thread context of 1612 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2680 set thread context of 2192 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2532 set thread context of 2660 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2284 set thread context of 2576 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 956 set thread context of 1268 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1620 set thread context of 544 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3008 set thread context of 2936 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1136 set thread context of 2548 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 848 set thread context of 1940 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 236 set thread context of 1540 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2792 set thread context of 1976 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2128 set thread context of 2548 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1544 set thread context of 3000 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2640 set thread context of 2532 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2548 set thread context of 1352 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2220 set thread context of 912 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2828 set thread context of 280 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 112 set thread context of 2560 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2072 set thread context of 3112 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3272 set thread context of 3312 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3468 set thread context of 3508 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3664 set thread context of 3700 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3856 set thread context of 3896 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4064 set thread context of 280 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe N/A
File created C:\Windows\InstallDir\server.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
File opened for modification C:\Windows\InstallDir\server.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2072 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe
PID 2164 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2164 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Windows\InstallDir\server.exe
PID 2904 wrote to memory of 2584 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2584 wrote to memory of 2832 N/A C:\Windows\InstallDir\server.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

Network

N/A

Files

\Windows\InstallDir\server.exe

MD5 5b159efc4dd7d25b50cba81b276c651d
SHA1 54f9aab04c0c7049cc8dc78d731b16ab359cbc0d
SHA256 ed77777ed5be480b190e86aa7825db1f4b1ec2c2b38d06da11ec49f4b8776cea
SHA512 141a4a43efb94bcf8b37032d8168d03edda9bd0bf8e411200aa0f1d7d48fecfe09dba3725db55ac2fd4c8bcbb1f36b5336d2d69c9cdd2ceb327fdd8878775b9f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 99ebc5f2b6b8cff92c04cafc1944833f
SHA1 c552e666fb4cbba1181700f157972b28fbfa0333
SHA256 c9a5331cef39b19dd50fb834a64f887aedd416de1c8a0ba72248368d31f004f6
SHA512 14ed42aa7845fc5d6635556d9bc667ac9c38df72a074838253ae418cb9a1220aec30bf6314c13d1acffbe485663441e02998ef6267ca6be3892f7dfa32307dcf

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 08:01

Reported

2024-07-19 08:03

Platform

win10v2004-20240709-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\InstallDir\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\server.exe restart" C:\Windows\InstallDir\server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\server.exe restart" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Windows\InstallDir\server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\InstallDir\server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\server.exe" C:\Windows\InstallDir\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\server.exe" C:\Windows\InstallDir\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\server.exe" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\server.exe" C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4572 set thread context of 3796 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe
PID 3296 set thread context of 1492 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4596 set thread context of 1240 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3624 set thread context of 1456 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5024 set thread context of 1608 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5052 set thread context of 3292 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1556 set thread context of 4268 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4608 set thread context of 5096 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1608 set thread context of 4396 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4564 set thread context of 5000 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4988 set thread context of 764 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2716 set thread context of 5076 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4184 set thread context of 4016 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1080 set thread context of 3736 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3904 set thread context of 3612 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3756 set thread context of 4440 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1116 set thread context of 3380 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3784 set thread context of 2280 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 2456 set thread context of 1092 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1116 set thread context of 3996 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1860 set thread context of 1944 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5568 set thread context of 5612 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5772 set thread context of 5812 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5960 set thread context of 6000 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 3716 set thread context of 1412 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5208 set thread context of 5288 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5408 set thread context of 5496 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 5668 set thread context of 5396 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 6032 set thread context of 6044 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4500 set thread context of 5636 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 4044 set thread context of 5956 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe N/A
File opened for modification C:\Windows\InstallDir\server.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
File created C:\Windows\InstallDir\server.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe N/A
N/A N/A C:\Windows\InstallDir\server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4572 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe
PID 3796 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3796 wrote to memory of 3296 N/A C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe C:\Windows\InstallDir\server.exe
PID 3296 wrote to memory of 1492 N/A C:\Windows\InstallDir\server.exe C:\Windows\InstallDir\server.exe
PID 1492 wrote to memory of 888 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 4508 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 3900 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 4944 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1648 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 4380 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1820 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 3856 N/A C:\Windows\InstallDir\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5b159efc4dd7d25b50cba81b276c651d_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\InstallDir\server.exe

"C:\Windows\InstallDir\server.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp

Files

C:\Windows\InstallDir\server.exe

MD5 5b159efc4dd7d25b50cba81b276c651d
SHA1 54f9aab04c0c7049cc8dc78d731b16ab359cbc0d
SHA256 ed77777ed5be480b190e86aa7825db1f4b1ec2c2b38d06da11ec49f4b8776cea
SHA512 141a4a43efb94bcf8b37032d8168d03edda9bd0bf8e411200aa0f1d7d48fecfe09dba3725db55ac2fd4c8bcbb1f36b5336d2d69c9cdd2ceb327fdd8878775b9f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 99ebc5f2b6b8cff92c04cafc1944833f
SHA1 c552e666fb4cbba1181700f157972b28fbfa0333
SHA256 c9a5331cef39b19dd50fb834a64f887aedd416de1c8a0ba72248368d31f004f6
SHA512 14ed42aa7845fc5d6635556d9bc667ac9c38df72a074838253ae418cb9a1220aec30bf6314c13d1acffbe485663441e02998ef6267ca6be3892f7dfa32307dcf
