Malware Analysis Report

2025-08-05 11:00

Sample ID 241031-g7rddszrgt
Target 82052989c0b3281d8ac30b768caba690_JaffaCakes118
SHA256 b1fae3d4cc2822fee7a5f595fca96514e78a57cc9cab43c59514bb1f351c4893
Tags
xtremerat discovery persistence rat spyware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b1fae3d4cc2822fee7a5f595fca96514e78a57cc9cab43c59514bb1f351c4893

Threat Level: Known bad

The file 82052989c0b3281d8ac30b768caba690_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

xtremerat discovery persistence rat spyware upx

Xtremerat family

Detect XtremeRAT payload

XtremeRAT

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in System32 directory

UPX packed file

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 06:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-31 06:27

Reported

2024-10-31 06:29

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Xtremerat family

xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Local\Temp\server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Local\Temp\server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\assembly C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\SysWOW64\svchost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 4356 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 4356 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 4960 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 4960 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 4960 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 4960 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4140 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 692 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4960 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 4960 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 748 wrote to memory of 2300 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\svchost.exe
PID 748 wrote to memory of 2300 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\svchost.exe
PID 748 wrote to memory of 2300 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\svchost.exe
PID 748 wrote to memory of 2300 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\svchost.exe
PID 748 wrote to memory of 3892 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 3892 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 3892 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4832 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4832 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4832 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 1560 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 1560 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 1560 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2880 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2880 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2880 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4544 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4544 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4544 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 3980 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 3980 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 3980 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2432 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2432 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2432 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2720 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 2720 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 748 wrote to memory of 4488 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 748 wrote to memory of 4488 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 748 wrote to memory of 4488 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
PID 4488 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\server.exe

"C:\Users\Admin\AppData\Local\Temp\server.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/4356-0-0x00007FFA48C45000-0x00007FFA48C46000-memory.dmp

memory/4356-1-0x00007FFA48990000-0x00007FFA49331000-memory.dmp

memory/4356-2-0x000000001B670000-0x000000001BB3E000-memory.dmp

memory/4356-3-0x00007FFA48990000-0x00007FFA49331000-memory.dmp

memory/4356-4-0x0000000000910000-0x000000000091A000-memory.dmp

memory/4356-7-0x000000001BCB0000-0x000000001BCC0000-memory.dmp

memory/4356-8-0x000000001BD70000-0x000000001BE16000-memory.dmp

memory/4356-9-0x000000001BF30000-0x000000001BFCC000-memory.dmp

memory/4356-10-0x0000000000900000-0x0000000000908000-memory.dmp

memory/4356-11-0x000000001C1C0000-0x000000001C20C000-memory.dmp

memory/4356-12-0x00007FFA48990000-0x00007FFA49331000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\server.exe

MD5 1a552997dc5444bdea41ab0fd75bc266
SHA1 8eff4c092154704ef5c9c651cdda111272fce841
SHA256 7674ca395b5e10e480b788bc2899d6e747a236f397e3a4a847ac24cfb95cf503
SHA512 5bc57fe30e93f3c817c809c917a68a86b9a4618e87923afe0b76fa73e7e50179da06ee9a91b559e70e834ea3c6fa5d7a7f06088219c8db38f98f72995936d3bf

memory/4960-20-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4356-31-0x00007FFA48C45000-0x00007FFA48C46000-memory.dmp

memory/4356-53-0x00007FFA48990000-0x00007FFA49331000-memory.dmp

memory/4960-62-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\d1sLuF.cfg

MD5 7aaca6b60aa043f49affb633554793e4
SHA1 59a9a6e0e61b1ea64665cb6a56d9c90a72f9a07c
SHA256 6c21a99be91197d889237790ac6b704498da6bb418e292973a21f83e9b760168
SHA512 f84f5ebdbb98d44fbf2fb91d48dfb0d0c82ac71fb32af0629702be42e1b9715600fee3ccaa2d9c234fcfc71bcaa12df3d2b7d4c5ad0bcda0e94fc8bc5a0eadb6

memory/2300-70-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/748-74-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1052-112-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4488-114-0x0000000000C80000-0x0000000000C96000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1052-130-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1568-142-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3956-154-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1968-157-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4900-159-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1656-165-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4092-174-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1968-177-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2656-187-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/720-203-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1368-210-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4956-209-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/740-213-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1220-232-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1368-235-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4040-243-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/384-245-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1372-254-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5108-256-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2796-258-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/372-264-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2164-266-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2644-271-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4880-273-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5140-279-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5144-280-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5408-286-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5392-288-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5720-297-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5704-328-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6040-334-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6008-336-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5176-341-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5208-343-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5316-349-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5328-350-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4872-355-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/532-358-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5692-362-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5752-366-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6000-369-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6068-373-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1356-377-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4872-381-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3412-383-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5036-397-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4916-399-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5480-408-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1776-435-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/5692-445-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6056-475-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6188-481-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6156-482-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6444-491-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6424-524-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6740-528-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6780-532-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6196-537-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4872-538-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6148-542-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6160-548-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/624-549-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/6396-557-0x0000000000C80000-0x0000000000C96000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 06:27

Reported

2024-10-31 06:29

Platform

win7-20240903-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe"

Signatures

Detect XtremeRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XtremeRAT

persistence spyware rat xtremerat

Xtremerat family

xtremerat

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Local\Temp\server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\system32\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882}\StubPath = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe restart" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{07FJ38OR-J5R2-Q073-F742-RM33RTQF5882} C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\InstallDir\Server.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Windows\SysWOW64\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Windows\SysWOW64\svchost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Roaming\\InstallDir\\Server.exe" C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\SysWOW64\\InstallDir\\Server.exe" C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Windows\SysWOW64\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\ C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File created C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallDir\Server.exe C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\InstallDir\Server.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 2248 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 2248 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 2248 wrote to memory of 2968 N/A C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\server.exe
PID 2968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 2968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 2968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 2968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 2968 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\svchost.exe
PID 2968 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2968 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2968 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2968 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2968 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\server.exe C:\Windows\SysWOW64\InstallDir\Server.exe
PID 2624 wrote to memory of 2784 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2784 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2784 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2784 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2784 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2788 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2732 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2732 N/A C:\Windows\SysWOW64\InstallDir\Server.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\82052989c0b3281d8ac30b768caba690_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\server.exe

"C:\Users\Admin\AppData\Local\Temp\server.exe"

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\SysWOW64\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\InstallDir\Server.exe

"C:\Windows\system32\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe

"C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

Network

N/A

Files

memory/2248-0-0x000007FEF684E000-0x000007FEF684F000-memory.dmp

memory/2248-1-0x000007FEF6590000-0x000007FEF6F2D000-memory.dmp

memory/2248-2-0x00000000003A0000-0x00000000003AA000-memory.dmp

memory/2248-3-0x0000000000690000-0x00000000006A0000-memory.dmp

memory/2248-4-0x000007FEF6590000-0x000007FEF6F2D000-memory.dmp

memory/2248-5-0x000007FEF6590000-0x000007FEF6F2D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\server.exe

MD5 1a552997dc5444bdea41ab0fd75bc266
SHA1 8eff4c092154704ef5c9c651cdda111272fce841
SHA256 7674ca395b5e10e480b788bc2899d6e747a236f397e3a4a847ac24cfb95cf503
SHA512 5bc57fe30e93f3c817c809c917a68a86b9a4618e87923afe0b76fa73e7e50179da06ee9a91b559e70e834ea3c6fa5d7a7f06088219c8db38f98f72995936d3bf

memory/2968-13-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-23-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-21-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2968-27-0x00000000032A0000-0x00000000032B6000-memory.dmp

memory/2624-33-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2248-29-0x000007FEF6590000-0x000007FEF6F2D000-memory.dmp

memory/2968-28-0x00000000032A0000-0x00000000032B6000-memory.dmp

memory/2968-32-0x0000000000C80000-0x0000000000C96000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\d1sLuF.cfg

MD5 7aaca6b60aa043f49affb633554793e4
SHA1 59a9a6e0e61b1ea64665cb6a56d9c90a72f9a07c
SHA256 6c21a99be91197d889237790ac6b704498da6bb418e292973a21f83e9b760168
SHA512 f84f5ebdbb98d44fbf2fb91d48dfb0d0c82ac71fb32af0629702be42e1b9715600fee3ccaa2d9c234fcfc71bcaa12df3d2b7d4c5ad0bcda0e94fc8bc5a0eadb6

memory/2624-43-0x0000000003510000-0x0000000003526000-memory.dmp

memory/2624-49-0x0000000003510000-0x0000000003526000-memory.dmp

memory/684-53-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2624-52-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-63-0x0000000002760000-0x0000000002776000-memory.dmp

memory/684-68-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1912-70-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1520-71-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1912-84-0x0000000003510000-0x0000000003526000-memory.dmp

memory/1912-86-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-99-0x0000000002950000-0x0000000002966000-memory.dmp

memory/2944-104-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2996-107-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-117-0x0000000002950000-0x0000000002966000-memory.dmp

memory/108-116-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1600-131-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1600-129-0x00000000034F0000-0x0000000003506000-memory.dmp

memory/2068-132-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1504-138-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/108-137-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-150-0x0000000002D60000-0x0000000002D76000-memory.dmp

memory/2480-148-0x0000000002D60000-0x0000000002D76000-memory.dmp

memory/2068-153-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1504-160-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1504-162-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2624-159-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1504-158-0x0000000003110000-0x0000000003126000-memory.dmp

memory/1504-157-0x0000000003110000-0x0000000003126000-memory.dmp

memory/2964-170-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-173-0x0000000002D60000-0x0000000002D76000-memory.dmp

memory/2480-174-0x0000000002AA0000-0x0000000002AB6000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2624-191-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2444-192-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2624-189-0x0000000003530000-0x0000000003546000-memory.dmp

memory/2624-188-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-196-0x0000000002AA0000-0x0000000002AB6000-memory.dmp

memory/2072-195-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2444-204-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1244-213-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2692-212-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2400-220-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2400-218-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1244-228-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2888-230-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2624-231-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-238-0x0000000002AB0000-0x0000000002AC6000-memory.dmp

memory/1288-239-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1652-246-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1860-247-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1652-248-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2624-251-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-252-0x0000000002AB0000-0x0000000002AC6000-memory.dmp

memory/2624-254-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1860-258-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/1288-260-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2692-261-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-268-0x0000000003010000-0x0000000003026000-memory.dmp

memory/3108-273-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2888-272-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2692-277-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3164-278-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2600-282-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3164-285-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3300-287-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-286-0x0000000003010000-0x0000000003026000-memory.dmp

memory/3108-291-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3240-295-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3556-296-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3300-299-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-302-0x0000000004580000-0x0000000004596000-memory.dmp

memory/3640-301-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-300-0x00000000045D0000-0x00000000045E6000-memory.dmp

memory/2480-305-0x0000000004580000-0x0000000004596000-memory.dmp

memory/3816-308-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3492-307-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3556-312-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3884-313-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3992-318-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3640-317-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2480-321-0x00000000045D0000-0x00000000045E6000-memory.dmp

memory/3284-326-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3816-325-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3992-330-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4060-331-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3884-333-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3300-336-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3284-340-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3500-343-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3300-347-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/3644-353-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/4064-355-0x0000000000C80000-0x0000000000C96000-memory.dmp

memory/2160-372-0x0000000000C80000-0x0000000000C96000-memory.dmp