Malware Analysis Report

2025-01-02 02:46

Sample ID 240719-ncmv2syamm
Target 5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118
SHA256 3fd5c605839d254e2a8d07123b923e0ddb798d15d06ebbc936288d1e14d79bda
Tags
xtremerat persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3fd5c605839d254e2a8d07123b923e0ddb798d15d06ebbc936288d1e14d79bda

Threat Level: Known bad

The file 5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat persistence rat spyware upx

XtremeRAT

Detect XtremeRAT payload

Boot or Logon Autostart Execution: Active Setup

UPX packed file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-19 11:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-19 11:15

Reported

2024-07-19 11:17

Platform

win7-20240708-en

Max time kernel

150s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3060 set thread context of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 2716 set thread context of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1712 set thread context of 2580 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2076 set thread context of 1920 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3008 set thread context of 696 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2068 set thread context of 2116 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1936 set thread context of 1928 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1308 set thread context of 2600 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2320 set thread context of 2176 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2620 set thread context of 2312 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1672 set thread context of 2448 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2268 set thread context of 1304 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 316 set thread context of 2564 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2696 set thread context of 748 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1776 set thread context of 1792 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1548 set thread context of 1360 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2532 set thread context of 1972 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1660 set thread context of 1604 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1608 set thread context of 1052 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1628 set thread context of 780 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 980 set thread context of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1092 set thread context of 2580 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 576 set thread context of 892 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1500 set thread context of 2680 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 572 set thread context of 2160 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1620 set thread context of 3092 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3112 set thread context of 3140 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3220 set thread context of 3244 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3468 set thread context of 3492 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3504 set thread context of 3540 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3624 set thread context of 3648 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3708 set thread context of 3732 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3928 set thread context of 3948 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3960 set thread context of 3988 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3080 set thread context of 1992 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3096 set thread context of 3188 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3180 set thread context of 3500 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3620 set thread context of 3636 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3908 set thread context of 3604 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1900 set thread context of 2608 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4028 set thread context of 3396 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3252 set thread context of 3548 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1896 set thread context of 1908 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4036 set thread context of 2608 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3452 set thread context of 3144 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3500 set thread context of 3520 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3716 set thread context of 3272 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4104 set thread context of 4124 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4192 set thread context of 4208 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4400 set thread context of 4428 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4468 set thread context of 4488 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4596 set thread context of 4612 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4792 set thread context of 4812 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4904 set thread context of 4924 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4932 set thread context of 4960 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4224 set thread context of 4356 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4236 set thread context of 4152 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4448 set thread context of 4480 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4780 set thread context of 4832 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4612 set thread context of 4904 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4960 set thread context of 4240 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4128 set thread context of 4228 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4788 set thread context of 4408 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4912 set thread context of 4832 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3060 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 1384 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1384 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1384 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1384 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1384 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1384 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2912 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2960 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2816 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1384 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1384 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1384 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2716 wrote to memory of 2976 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/1384-2-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1384-4-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1384-5-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1384-6-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2036-15-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2036-14-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Windows\SysWOW64\InstallDir\Server.exe

MD5 5bb4ce20ccbd7dbea1edbcb0a493cde4
SHA1 a241adc9c026615a7fe8f739170ac9689c9a12aa
SHA256 3fd5c605839d254e2a8d07123b923e0ddb798d15d06ebbc936288d1e14d79bda
SHA512 a4168f7b20a98ab96d395b8a156562c83c8383990b4e6f0844911871fd837b210ae27d6a01cca15c35b796a25eaad3b588a42823c2f1ec89d9580bf844c0f657

memory/1384-20-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 cd72580f912a18f1e42dfdfff0b48cad
SHA1 e8fac5a0312478eda401aea88941566d2bf297f0
SHA256 17ca79bbb83318934b4638094adf742e93509f326d5439a06a4458e8e0c132e1
SHA512 9df3a81faeb9dfc2e046715ce9157ec3dfdabca298f38a9050bad780e9db9eb010f4e10d1104077cced14089f2065f8f307e48b1c95833ebab98be1af33a2356

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

MD5 76e45c3cd741c10ae200431736050414
SHA1 9395c2ecfab2cb562384aa891173c48a99d944cf
SHA256 b53370fc082d0e5a39049e46ab387e5b8fc92582c8b97d5da45b5b9ff581d05a
SHA512 8d412cde78245383cc55522c74ae580d785330b164fd38802c29927a4c21e6e6a8f7a9e740dfcfe6c4771352decf71e2211c4ef4deaf063c3e7e1fd36c6419ed

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-19 11:15

Reported

2024-07-19 11:17

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3448 set thread context of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 4852 set thread context of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2544 set thread context of 3300 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4992 set thread context of 804 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1684 set thread context of 2508 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 960 set thread context of 1856 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4512 set thread context of 2100 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1844 set thread context of 4756 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5016 set thread context of 4132 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2672 set thread context of 4240 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3400 set thread context of 3444 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1888 set thread context of 2100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3508 set thread context of 4768 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2816 set thread context of 1744 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2600 set thread context of 2504 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3008 set thread context of 1456 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3832 set thread context of 376 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4496 set thread context of 1064 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3876 set thread context of 2600 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1396 set thread context of 4516 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1200 set thread context of 4396 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 804 set thread context of 4496 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1360 set thread context of 636 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4988 set thread context of 1936 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1960 set thread context of 1856 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1360 set thread context of 3408 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2780 set thread context of 3088 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4456 set thread context of 1484 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1932 set thread context of 232 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 1020 set thread context of 2352 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4036 set thread context of 4560 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2276 set thread context of 628 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 3060 set thread context of 5156 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5164 set thread context of 5208 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5364 set thread context of 5388 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5456 set thread context of 5484 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5716 set thread context of 5740 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 5752 set thread context of 5812 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 5776 set thread context of 5836 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6084 set thread context of 6124 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2984 set thread context of 4020 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5356 set thread context of 5384 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 544 set thread context of 6136 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4428 set thread context of 5464 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5512 set thread context of 5788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5812 set thread context of 5264 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5524 set thread context of 5884 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5928 set thread context of 5376 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 5696 set thread context of 5912 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5420 set thread context of 5928 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5400 set thread context of 5424 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 5928 set thread context of 3824 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6148 set thread context of 6176 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 6368 set thread context of 6392 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6452 set thread context of 6516 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6492 set thread context of 6524 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 6756 set thread context of 6816 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6908 set thread context of 6932 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6940 set thread context of 6984 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 5144 set thread context of 6380 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 6332 set thread context of 6180 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 6460 set thread context of 6596 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 2516 set thread context of 692 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 3176 set thread context of 7020 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 3448 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe
PID 1556 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1556 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1556 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1556 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\svchost.exe
PID 1556 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1704 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1556 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1556 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 1556 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4852 wrote to memory of 4100 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4100 wrote to memory of 4908 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4908 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 4908 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2860 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2860 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2860 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 5012 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 5012 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 5012 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 964 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 964 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 964 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 3796 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 3796 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 3796 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2156 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2156 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4100 wrote to memory of 2156 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5bb4ce20ccbd7dbea1edbcb0a493cde4_JaffaCakes118.exe

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Windows\SysWOW64\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/1556-2-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1556-4-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1556-5-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1556-6-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5064-13-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Windows\SysWOW64\InstallDir\Server.exe

MD5 5bb4ce20ccbd7dbea1edbcb0a493cde4
SHA1 a241adc9c026615a7fe8f739170ac9689c9a12aa
SHA256 3fd5c605839d254e2a8d07123b923e0ddb798d15d06ebbc936288d1e14d79bda
SHA512 a4168f7b20a98ab96d395b8a156562c83c8383990b4e6f0844911871fd837b210ae27d6a01cca15c35b796a25eaad3b588a42823c2f1ec89d9580bf844c0f657

memory/1556-16-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4100-22-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4100-23-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4100-24-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

MD5 cd72580f912a18f1e42dfdfff0b48cad
SHA1 e8fac5a0312478eda401aea88941566d2bf297f0
SHA256 17ca79bbb83318934b4638094adf742e93509f326d5439a06a4458e8e0c132e1
SHA512 9df3a81faeb9dfc2e046715ce9157ec3dfdabca298f38a9050bad780e9db9eb010f4e10d1104077cced14089f2065f8f307e48b1c95833ebab98be1af33a2356

memory/4100-99-0x0000000000C80000-0x0000000000C96000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e