Malware Analysis Report

2024-11-15 07:52

Sample ID 201205-2qd6xkqxgx
Target sample-324887-0a7ab9da9997bf3f75ec4549a9b9daf0.zip
SHA256 8edc4c2dd797397d883e6f73866939f182dde407b270ae7655b17bf55dfb0902
Tags
smokeloader backdoor spyware trojan qakbot tr01 1604997522 banker stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8edc4c2dd797397d883e6f73866939f182dde407b270ae7655b17bf55dfb0902

Threat Level: Known bad

The file sample-324887-0a7ab9da9997bf3f75ec4549a9b9daf0.zip was found to be: Known bad.

Malicious Activity Summary

smokeloader backdoor spyware trojan qakbot tr01 1604997522 banker stealer

SmokeLoader

Qakbot/Qbot

Executes dropped EXE

Loads dropped DLL

Deletes itself

Reads user/profile data of web browsers

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of UnmapMainImage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-12-05 03:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-12-05 03:08

Reported

2020-12-05 03:11

Platform

win7v20201028

Max time kernel

151s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"

Signatures

SmokeLoader

trojan backdoor smokeloader

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A

Reads user/profile data of web browsers

spyware

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1268 wrote to memory of 2016 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2016 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2016 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2016 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2016 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1472 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1472 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1472 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1472 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 600 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 600 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 600 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 600 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 600 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1276 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1276 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1276 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1276 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1276 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1536 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1536 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1536 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1536 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1536 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1600 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1600 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1600 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1600 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 2012 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2012 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2012 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2012 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 2012 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1232 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1232 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1232 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1232 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1324 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1324 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1324 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1324 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1324 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1844 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1844 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1844 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1844 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 996 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 996 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 996 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 996 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 996 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1160 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1160 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1160 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1160 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1160 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1416 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1416 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1416 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1416 N/A N/A C:\Windows\explorer.exe
PID 1268 wrote to memory of 1032 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1032 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1032 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1032 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1268 wrote to memory of 1032 N/A N/A C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe

"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 cent.live udp
N/A 185.99.133.204:80 cent.live tcp
N/A 8.8.8.8:53 duwayainvestment.com udp
N/A 108.167.140.194:443 duwayainvestment.com tcp
N/A 108.167.140.194:443 duwayainvestment.com tcp

Files

\Users\Admin\AppData\Local\Temp\554B.tmp

MD5 d124f55b9393c976963407dff51ffa79
SHA1 2c7bbedd79791bfb866898c85b504186db610b5d
SHA256 ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef
SHA512 278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06


memory/1268-670-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-673-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-674-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-675-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-677-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-678-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-679-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-676-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-680-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-681-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-682-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-683-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-684-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-685-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-686-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-687-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-688-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-689-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-690-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-691-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-692-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-693-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-694-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-695-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-696-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-697-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-698-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-700-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-701-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-702-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-703-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-704-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-705-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-699-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/816-744-0x0000000000000000-mapping.dmp

memory/1268-774-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-781-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-780-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-779-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-778-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-777-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-776-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-775-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-773-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-772-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-771-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-770-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-769-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-768-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-767-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-766-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-765-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-764-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-763-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-762-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-761-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-760-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-759-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-758-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-757-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-756-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-755-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-754-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-753-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-752-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-751-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/816-750-0x0000000000090000-0x0000000000095000-memory.dmp

memory/1268-749-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-748-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/1268-747-0x0000000002B90000-0x0000000002B94000-memory.dmp

memory/816-746-0x0000000000080000-0x0000000000089000-memory.dmp

memory/1268-801-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-800-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-802-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-799-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-798-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-797-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-796-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-803-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-795-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-794-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-793-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-792-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-791-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-790-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-789-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-788-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-804-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-787-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-786-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-785-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-805-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-784-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-806-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-807-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-809-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-808-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-817-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-816-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-815-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-814-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-813-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-812-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-811-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-810-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-894-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-897-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-896-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1160-895-0x0000000000000000-mapping.dmp

memory/1160-899-0x0000000000080000-0x000000000008B000-memory.dmp

memory/1160-901-0x0000000000090000-0x0000000000096000-memory.dmp

memory/1268-902-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-900-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-898-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-903-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-904-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-905-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-906-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-907-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-908-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-909-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-910-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-911-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-912-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-913-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-914-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-915-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-916-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-917-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-918-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-919-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-920-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-921-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-922-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-923-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-924-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-925-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-926-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-927-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-928-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-929-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-930-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-972-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1268-973-0x0000000002B90000-0x0000000002B95000-memory.dmp

memory/1416-974-0x0000000000000000-mapping.dmp

memory/1416-975-0x0000000000060000-0x000000000006D000-memory.dmp

memory/1416-976-0x0000000000070000-0x0000000000077000-memory.dmp

memory/1268-1018-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1051-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1050-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1049-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1048-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1047-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1046-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1045-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1044-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1042-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1043-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1041-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1040-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1039-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1038-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1037-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1036-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1035-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1034-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1033-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1032-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1031-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1030-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1029-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1028-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1027-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1025-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1026-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1024-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1023-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1022-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1021-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1020-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1019-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1017-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1016-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1032-1169-0x0000000000000000-mapping.dmp

memory/1032-1170-0x0000000000080000-0x000000000008B000-memory.dmp

memory/1032-1171-0x0000000000090000-0x0000000000098000-memory.dmp

memory/1268-1173-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1174-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1175-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1176-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1177-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1178-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1179-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1180-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1181-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1182-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1183-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1184-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1185-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1186-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1187-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1188-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1189-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1190-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1191-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1192-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1193-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1194-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1195-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1196-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1197-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1198-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1199-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1200-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1201-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1203-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1202-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1204-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1205-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1206-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1207-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1208-0x0000000002B90000-0x0000000002B96000-memory.dmp

memory/1268-1209-0x0000000002B90000-0x0000000002B96000-memory.dmp
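
The listing above names each captured artifact as `memory/<pid>-<seq>-<start>-<end>-memory.dmp`, or `memory/<pid>-<seq>-<addr>-mapping.dmp` for the first entry recorded against a PID. Read in sequence order it shows one small region at 0x2B90000 in PID 1268 being re-dumped many times with its length alternating between 0x4000, 0x5000 and 0x6000 bytes, while PIDs 1844, 996, 816, 1160, 1416 and 1032 each appear first with a mapping entry and then with two small regions low in the address space. The Python below is an added example, not part of the report or of any sandbox's tooling: it parses that naming scheme from a constructed excerpt of the listing, groups the dumps by PID and reports the distinct ranges, whether one base address was re-dumped at different lengths, and whether a PID's first artifact was a mapping record. That the `mapping.dmp` suffix marks the first artifact for a newly observed process is inferred from its position in the listing and is an assumption.

```python
import re
from collections import defaultdict

# The two artifact name shapes used in the report's file list (constructed regex,
# written from the names as they appear on the page):
#   memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp   one dumped memory region
#   memory/<pid>-<seq>-0x<addr>-mapping.dmp           first entry seen for a PID
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+)-memory|-mapping)\.dmp$"
)

# Constructed excerpt of the listing above (a handful of the original lines).
SAMPLE_LISTING = """
memory/1268-546-0x0000000002B90000-0x0000000002B94000-memory.dmp
memory/1268-548-0x0000000002B90000-0x0000000002B94000-memory.dmp
memory/1844-582-0x0000000000000000-mapping.dmp
memory/1844-587-0x0000000000060000-0x0000000000069000-memory.dmp
memory/1844-590-0x0000000000070000-0x0000000000075000-memory.dmp
memory/996-634-0x0000000000000000-mapping.dmp
memory/996-636-0x0000000000080000-0x00000000000A7000-memory.dmp
memory/1268-639-0x0000000002B90000-0x0000000002B95000-memory.dmp
memory/996-637-0x00000000000B0000-0x00000000000D2000-memory.dmp
memory/1268-774-0x0000000002B90000-0x0000000002B94000-memory.dmp
memory/1268-1018-0x0000000002B90000-0x0000000002B96000-memory.dmp
"""


def parse_dump_name(name):
    """Return a dict describing one artifact name, or None if it is not a dump."""
    m = DUMP_RE.match(name.strip())
    if not m:
        return None
    rec = {
        "pid": int(m.group("pid")),
        "seq": int(m.group("seq")),
        "start": int(m.group("start"), 16),
        "end": None,
        "kind": "mapping",
    }
    if m.group("end") is not None:
        rec["end"] = int(m.group("end"), 16)
        rec["kind"] = "region"
    return rec


def summarize(listing):
    """Group artifacts by PID in sequence order and describe what was dumped."""
    by_pid = defaultdict(list)
    for line in listing.splitlines():
        rec = parse_dump_name(line)
        if rec:
            by_pid[rec["pid"]].append(rec)

    summary = {}
    for pid, recs in by_pid.items():
        recs.sort(key=lambda r: r["seq"])
        regions = [r for r in recs if r["kind"] == "region"]
        ranges = []                      # distinct (start, end), first-seen order
        for r in regions:
            if (r["start"], r["end"]) not in ranges:
                ranges.append((r["start"], r["end"]))
        starts = {s for s, _ in ranges}
        summary[pid] = {
            "first_is_mapping": recs[0]["kind"] == "mapping",
            "dump_count": len(regions),
            "ranges": ranges,
            # one base address re-dumped with different lengths
            "resized_in_place": len(starts) == 1 and len(ranges) > 1,
            "max_region_size": max((r["end"] - r["start"] for r in regions), default=0),
        }
    return summary


def describe(summary):
    """Render the summary as one line per PID for a triage note."""
    lines = []
    for pid in sorted(summary):
        s = summary[pid]
        spans = ", ".join(f"0x{a:X}-0x{b:X}" for a, b in s["ranges"])
        tag = " (first seen as mapping)" if s["first_is_mapping"] else ""
        lines.append(f"PID {pid}{tag}: {s['dump_count']} dumps over {spans}")
    return lines


if __name__ == "__main__":
    for line in describe(summarize(SAMPLE_LISTING)):
        print(line)
```

Run against the full listing, the PIDs whose first artifact is a mapping record and whose dumps are two small regions are the ones to pull first when deciding whether code was written into a new process; the repeatedly re-dumped 0x2B90000 region in PID 1268 is a single buffer whose contents changed across the run, not a growing payload.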

Analysis: behavioral2

Detonation Overview

Submitted

2020-12-05 03:08

Reported

2020-12-05 03:11

Platform

win10v20201028

Max time kernel

150s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"

Signatures

Qakbot/Qbot

trojan banker stealer qakbot

SmokeLoader

trojan backdoor smokeloader

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A

Reads user/profile data of web browsers

spyware

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 C:\Users\Admin\AppData\Local\Temp\408.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service C:\Users\Admin\AppData\Local\Temp\408.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 C:\Users\Admin\AppData\Local\Temp\408.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc C:\Users\Admin\AppData\Local\Temp\408.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc C:\Users\Admin\AppData\Local\Temp\408.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service C:\Users\Admin\AppData\Local\Temp\408.exe N/A
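
Device-instance keys under Enum\SCSI carry the vendor and product strings the bus reported for each disk and optical drive, and reading them is a well-known virtual-machine check: on a stock guest they name the hypervisor. In this run the sandbox presents the drives as `Ven_Sanu`/`Prod_Sanu_DVD-ROM` and `Prod_HeartDisk`, so the check finds nothing to trip on. Vuu0hnOqjF.exe enumerates the SCSI root itself, while 408.exe and emukce.exe (both under the user profile) open the two device keys and read `DeviceDesc` and `Service`. The Python below is an added example, not part of the report or of the sample: it parses the indicator paths from the table, groups them per process, and applies a marker list of the kind such checks use; the marker list is an assumption, since the report does not show which strings the sample compares against. Legitimate setup and driver tooling reads the same key, so a detection should key on the process context rather than on the key alone.

```python
import re
from collections import defaultdict

# Shape of the indicator paths in the table above (constructed regex). Matches the
# SCSI root, a device-instance key under it, or a value name under that key.
SCSI_PATH_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)\\Enum\\SCSI"
    r"(?:\\(?P<devid>[^\\]+)\\(?P<inst>[^\\]+)(?:\\(?P<value>[^\\]+))?)?$",
    re.IGNORECASE,
)

# Vendor/product substrings that anti-analysis code commonly looks for in this key.
# Assumption for the example: the report does not state which strings the sample uses.
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN", "INNOTEK", "MSFT")


def parse_scsi_path(path):
    """Split one Enum\\SCSI path into class, vendor, product, instance and value."""
    m = SCSI_PATH_RE.match(path.strip())
    if not m:
        return None
    rec = {"class": None, "vendor": None, "product": None,
           "instance": m.group("inst"), "value": m.group("value")}
    if m.group("devid"):
        parts = m.group("devid").upper().split("&")   # e.g. CDROM&VEN_SANU&PROD_SANU_DVD-ROM
        rec["class"] = parts[0]
        for part in parts[1:]:
            key, _, val = part.partition("_")
            if key == "VEN":
                rec["vendor"] = val
            elif key == "PROD":
                rec["product"] = val
    return rec


def looks_virtual(rec):
    """True if the vendor or product string carries a hypervisor marker."""
    hay = " ".join(s for s in (rec["vendor"], rec["product"]) if s)
    return any(marker in hay for marker in VM_MARKERS)


def summarize(rows):
    """rows: (description, indicator path, process) as in the report table."""
    per_proc = defaultdict(lambda: {
        "enumerated_root": False, "devices": set(), "values_read": set(), "vm_marker": False})
    for _description, path, process in rows:
        rec = parse_scsi_path(path)
        if rec is None:
            continue
        entry = per_proc[process]
        if rec["class"] is None:                     # touched \Enum\SCSI itself
            entry["enumerated_root"] = True
            continue
        entry["devices"].add((rec["class"], rec["vendor"], rec["product"]))
        if rec["value"]:
            entry["values_read"].add(rec["value"])
        if looks_virtual(rec):
            entry["vm_marker"] = True
    return dict(per_proc)


# Rows taken from the table above, reduced to (description, indicator, process basename).
REPORT_ROWS = [
    ("Key value queried",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service",
     "emukce.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service",
     "emukce.exe"),
    ("Key opened",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000",
     "408.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc",
     "emukce.exe"),
    ("Key enumerated", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI", "Vuu0hnOqjF.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc",
     "408.exe"),
]

# Constructed row showing what the same check would see on an unmasked VirtualBox guest.
VBOX_ROW = ("Key value queried",
            r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1a2b3c4d&0&000000\DeviceDesc",
            "constructed.exe")

if __name__ == "__main__":
    for process, entry in summarize(REPORT_ROWS + [VBOX_ROW]).items():
        print(process, sorted(entry["devices"]), sorted(entry["values_read"]),
              "VM marker" if entry["vm_marker"] else "no marker")
```

The same parser works on registry-access telemetry (Sysmon event 12/13 or an EDR's registry feed) once the path is normalised to the `\REGISTRY\MACHINE\...` form; the useful signal is a user-profile binary reading `DeviceDesc` for every SCSI device, not the read itself.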

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2396 wrote to memory of 1308 N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe
PID 2396 wrote to memory of 1308 N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe
PID 2396 wrote to memory of 1308 N/A N/A C:\Users\Admin\AppData\Local\Temp\408.exe
PID 2396 wrote to memory of 2696 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2696 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2696 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2696 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3636 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 3636 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 3636 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 2528 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2528 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2528 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2528 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1308 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Local\Temp\408.exe
PID 1308 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Local\Temp\408.exe
PID 1308 wrote to memory of 3784 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Local\Temp\408.exe
PID 2396 wrote to memory of 1156 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1156 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1156 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1156 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2232 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2232 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2232 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2232 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2360 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 2360 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 2360 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 1724 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1724 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1724 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1724 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1888 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 1888 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 1888 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 3880 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3880 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3880 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3880 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 968 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 968 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 968 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 2876 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2876 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2876 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 2876 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1740 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1740 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1740 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1308 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 1308 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 1308 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 2396 wrote to memory of 1740 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1308 wrote to memory of 360 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Windows\SysWOW64\schtasks.exe
PID 1308 wrote to memory of 360 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Windows\SysWOW64\schtasks.exe
PID 1308 wrote to memory of 360 N/A C:\Users\Admin\AppData\Local\Temp\408.exe C:\Windows\SysWOW64\schtasks.exe
PID 2396 wrote to memory of 1504 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1504 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1504 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1504 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 1108 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 1108 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 1108 N/A N/A C:\Windows\explorer.exe
PID 2396 wrote to memory of 3804 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3804 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3804 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2396 wrote to memory of 3804 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 2060 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 2060 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 2060 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
PID 2060 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Windows\SysWOW64\explorer.exe
PID 2060 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Windows\SysWOW64\explorer.exe
PID 2060 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Windows\SysWOW64\explorer.exe
PID 2060 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe C:\Windows\SysWOW64\explorer.exe
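
The table above logs every WriteProcessMemory call as a (source PID, target PID) pair, which is enough to rebuild the injection chain: 2396 writes into 408.exe (PID 1308) and into a string of explorer.exe instances, 408.exe writes into a fresh copy of itself (3784), into its persistence copy emukce.exe (2060) and into schtasks.exe (360), and emukce.exe then repeats the pattern against itself (3488) and explorer.exe (1348). Each pair is repeated several times because the sandbox records each call. The Python below is an added example, not part of the sandbox's tooling: it aggregates a subset of the rows copied from the table into a graph, finds the root writer, walks the chain breadth-first and labels each edge by where the target image lives. The UTILITIES set and the labels are the example's own assumptions.

```python
import re
from collections import defaultdict, deque

# Rows copied from the "Suspicious use of WriteProcessMemory" table above as
# (description, source process, target process). One row per distinct pair,
# except 2396 -> 2696 which keeps two of its repeats to show count aggregation.
# The sandbox left the source image blank ("N/A") for PID 2396.
WPM_ROWS = [
    ("PID 2396 wrote to memory of 1308", "N/A", r"C:\Users\Admin\AppData\Local\Temp\408.exe"),
    ("PID 2396 wrote to memory of 2696", "N/A", r"C:\Windows\SysWOW64\explorer.exe"),
    ("PID 2396 wrote to memory of 2696", "N/A", r"C:\Windows\SysWOW64\explorer.exe"),
    ("PID 2396 wrote to memory of 3636", "N/A", r"C:\Windows\explorer.exe"),
    ("PID 1308 wrote to memory of 3784", r"C:\Users\Admin\AppData\Local\Temp\408.exe",
     r"C:\Users\Admin\AppData\Local\Temp\408.exe"),
    ("PID 1308 wrote to memory of 2060", r"C:\Users\Admin\AppData\Local\Temp\408.exe",
     r"C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe"),
    ("PID 1308 wrote to memory of 360", r"C:\Users\Admin\AppData\Local\Temp\408.exe",
     r"C:\Windows\SysWOW64\schtasks.exe"),
    ("PID 2060 wrote to memory of 3488", r"C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe",
     r"C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe"),
    ("PID 2060 wrote to memory of 1348", r"C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe",
     r"C:\Windows\SysWOW64\explorer.exe"),
]

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)$")
WINDOWS_DIR = "c:\\windows\\"
# Assumed set of command-line utilities a loader spawns as ordinary children;
# a write into one of these is usually child setup, not code injection.
UTILITIES = {"schtasks.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}


def classify(src_img, dst_img):
    """Label one cross-process write by where the target image lives."""
    s = (src_img or "").lower()
    d = dst_img.lower()
    if s and s == d:
        return "self-injection"               # parent writes into a fresh copy of its own image
    if d.rsplit("\\", 1)[-1] in UTILITIES:
        return "write into spawned utility"
    if d.startswith(WINDOWS_DIR):
        return "injection into Windows host"  # e.g. explorer.exe abused as a trusted host
    return "write into dropped file"          # staging a payload in a user-writable path


def build_graph(rows):
    """Aggregate rows into {(src_pid, dst_pid): {src_img, dst_img, count}}."""
    edges = {}
    for desc, src_img, dst_img in rows:
        m = ROW_RE.match(desc)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        e = edges.setdefault((src, dst), {"src_img": None if src_img == "N/A" else src_img,
                                          "dst_img": dst_img, "count": 0})
        e["count"] += 1
    return edges


def image_of(edges):
    """Best-known image path per PID, learned from either column."""
    names = {}
    for (src, dst), e in edges.items():
        if e["src_img"]:
            names[src] = e["src_img"]
        names[dst] = e["dst_img"]
    return names


def roots(edges):
    """PIDs that write into others but were never written into: the injection origin(s)."""
    srcs = {s for s, _ in edges}
    dsts = {d for _, d in edges}
    return sorted(srcs - dsts)


def injection_chain(edges, root):
    """Breadth-first walk from root; returns {pid: hops from root}."""
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    depth = {root: 0}
    queue = deque([root])
    while queue:
        pid = queue.popleft()
        for nxt in adj[pid]:
            if nxt not in depth:
                depth[nxt] = depth[pid] + 1
                queue.append(nxt)
    return depth


def summarize(rows):
    """(src, dst, write_count, label) for every edge, in PID order."""
    edges = build_graph(rows)
    names = image_of(edges)
    return [(s, d, e["count"], classify(names.get(s), e["dst_img"]))
            for (s, d), e in sorted(edges.items())]


if __name__ == "__main__":
    edges = build_graph(WPM_ROWS)
    names = image_of(edges)
    for pid, hops in sorted(injection_chain(edges, roots(edges)[0]).items(), key=lambda kv: kv[1]):
        print(f"{'  ' * hops}{pid} {names.get(pid, '?')}")
    for s, d, n, label in summarize(WPM_ROWS):
        print(f"{s} -> {d} x{n}: {label}")
```

The same parser works on the full table; the only report-specific detail is that the source column for 2396 is empty, so its image has to come from elsewhere (the Files section's memory dumps for PID 2396 are the obvious next place to look). The "spawned utility" label is deliberately weaker than "injection": a write into schtasks.exe should be judged by that child's command line, which the Processes list below provides.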

Processes

C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe

"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"

C:\Users\Admin\AppData\Local\Temp\408.exe

C:\Users\Admin\AppData\Local\Temp\408.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Local\Temp\408.exe

C:\Users\Admin\AppData\Local\Temp\408.exe /C

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn bqobvoti /tr "\"C:\Users\Admin\AppData\Local\Temp\408.exe\" /I bqobvoti" /SC ONCE /Z /ST 03:08 /ET 03:20

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe /C

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe
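
The schtasks.exe command line above is the persistence step: 408.exe creates a task named bqobvoti that re-runs it from %TEMP% as NT AUTHORITY\SYSTEM, once, inside a 12-minute window (/ST 03:08 /ET 03:20), with /Z so the task deletes itself after it fires, and passes the task name back to the payload through /I. Each switch is unremarkable on its own; the combination is a strong signal. The Python below is an added example, not code from the sandbox or the malware: it tokenizes a Windows command line (honouring the \" escapes inside the /tr argument), extracts the switches and scores the combination. The benign Adobe updater line is constructed for contrast; the user-writable path regex and the lowercase task-name heuristic are the example's own assumptions.

```python
import re

# Command line copied from the Processes list above (the /tr value carries
# escaped quotes, which is why a plain str.split() is not enough).
REPORT_CMD = r'"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn bqobvoti /tr "\"C:\Users\Admin\AppData\Local\Temp\408.exe\" /I bqobvoti" /SC ONCE /Z /ST 03:08 /ET 03:20'

# Constructed benign line for contrast (assumed, not from the report).
BENIGN_CMD = r'schtasks /Create /tn "Adobe Acrobat Update Task" /tr "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /SC DAILY /ST 12:00'

# Assumed heuristic: locations an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|users\\[^\\]+\\(downloads|desktop|public))\\", re.I)


def tokenize(cmd):
    """Split a Windows command line on whitespace, honouring double quotes and the \" escape.
    (A path ending in a backslash right before a closing quote is ambiguous on Windows too.)"""
    tokens, cur, quoted, i = [], [], False, 0
    while i < len(cmd):
        ch = cmd[i]
        if ch == "\\" and i + 1 < len(cmd) and cmd[i + 1] == '"':
            cur.append('"')
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        i += 1
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_schtasks(cmd):
    """Return {SWITCH: value-or-True} for every /switch after the image path."""
    toks = tokenize(cmd)
    flags, i = {}, 1                      # token 0 is schtasks.exe itself
    while i < len(toks):
        t = toks[i]
        if t.startswith("/"):
            key = t[1:].upper()
            if i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                flags[key] = toks[i + 1]  # switch with an argument
                i += 2
                continue
            flags[key] = True             # bare switch such as /Z
        i += 1
    return flags


def minutes(hhmm):
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


def assess(cmd):
    """Score a schtasks /Create line; each finding is one point."""
    f = parse_schtasks(cmd)
    findings = []
    if "CREATE" in f:
        if str(f.get("RU", "")).upper() in ("SYSTEM", r"NT AUTHORITY\SYSTEM"):
            findings.append("runs as SYSTEM")
        if str(f.get("SC", "")).upper() == "ONCE":
            findings.append("one-shot schedule")
        if f.get("Z") is True:
            findings.append("/Z: task deletes itself after running")
        if USER_WRITABLE.search(str(f.get("TR", ""))):
            findings.append("action in user-writable path")
        if "ST" in f and "ET" in f:
            window = (minutes(f["ET"]) - minutes(f["ST"])) % (24 * 60)
            if window <= 15:
                findings.append(f"{window}-minute run window")
        if re.fullmatch(r"[a-z]{6,12}", str(f.get("TN", ""))):
            findings.append("task name looks machine-generated (heuristic)")
    return {"flags": f, "findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for cmd in (REPORT_CMD, BENIGN_CMD):
        r = assess(cmd)
        print(r["score"], r["findings"])
```

In production the input is the CommandLine field of a Sysmon event 1 for schtasks.exe, or the task XML from Security event 4698; the score threshold and the path regex are starting points to tune, not a finished rule. Note that the /tr value itself contains the dropped binary's full path, so the same parse yields the file to collect.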

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 cent.live udp
N/A 185.99.133.204:80 cent.live tcp
N/A 8.8.8.8:53 duwayainvestment.com udp
N/A 108.167.140.194:443 duwayainvestment.com tcp
N/A 185.99.133.204:80 cent.live tcp

Files

memory/1112-2-0x00000000063E0000-0x00000000063E1000-memory.dmp

\Users\Admin\AppData\Local\Temp\554B.tmp

MD5 50741b3f2d7debf5d2bed63d88404029
SHA1 56210388a627b926162b36967045be06ffb1aad3
SHA256 f2f8732ae464738372ff274b7e481366cecdd2337210d4a3cbcd089c958a730c
SHA512 fac6bfe35b1ee08b3d42d330516a260d9cdb4a90bbb0491411a583029b92a59d20af3552372ea8fb3f59442b3945bf524ef284127f397ae7179467080be8e9b3

memory/2396-4-0x0000000001040000-0x0000000001055000-memory.dmp

memory/1308-5-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\408.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7

C:\Users\Admin\AppData\Local\Temp\408.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7

memory/2396-8-0x0000000002FA0000-0x000000000300B000-memory.dmp

memory/2396-9-0x0000000002FA0000-0x000000000300B000-memory.dmp

memory/2696-10-0x0000000000000000-mapping.dmp

memory/2696-11-0x0000000003100000-0x000000000316B000-memory.dmp

memory/2696-12-0x0000000003170000-0x00000000031E5000-memory.dmp

memory/2396-13-0x0000000001210000-0x000000000121C000-memory.dmp

memory/3636-17-0x0000000000000000-mapping.dmp

memory/3636-21-0x0000000000380000-0x000000000038C000-memory.dmp

memory/3636-22-0x0000000000390000-0x0000000000397000-memory.dmp

memory/2528-163-0x0000000000000000-mapping.dmp

memory/2528-165-0x0000000000900000-0x0000000000904000-memory.dmp

memory/2528-164-0x00000000008F0000-0x00000000008F9000-memory.dmp

memory/2396-166-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-167-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-168-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-169-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-170-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-171-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-172-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-173-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-174-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-175-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-176-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-177-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-178-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-179-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-180-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-181-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-182-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-183-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-184-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-185-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-186-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-187-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-188-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-189-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-191-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-192-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-193-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-194-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-195-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-190-0x0000000001210000-0x000000000121A000-memory.dmp

memory/3784-197-0x0000000000000000-mapping.dmp

memory/2396-196-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-198-0x0000000001210000-0x000000000121A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\408.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7

memory/2396-199-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-201-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-203-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-204-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-202-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-206-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-205-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-207-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-208-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-210-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-209-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-211-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-213-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-212-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-214-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-215-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-216-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-217-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-220-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-219-0x0000000001230000-0x000000000123A000-memory.dmp

memory/2396-218-0x0000000001230000-0x000000000123A000-memory.dmp

memory/2396-222-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-223-0x0000000001210000-0x000000000121A000-memory.dmp

memory/1156-224-0x0000000000680000-0x000000000068B000-memory.dmp

memory/2396-227-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-229-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-225-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-232-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-235-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-233-0x0000000001210000-0x000000000121A000-memory.dmp

memory/1156-221-0x0000000000000000-mapping.dmp

memory/2396-237-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-239-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-244-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-245-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-248-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-241-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-249-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-251-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-253-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2396-260-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2232-259-0x0000000000000000-mapping.dmp

memory/2396-257-0x0000000001210000-0x000000000121A000-memory.dmp

memory/2232-265-0x0000000000350000-0x000000000035B000-memory.dmp

memory/2232-267-0x0000000000360000-0x0000000000367000-memory.dmp

memory/2396-268-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-271-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-274-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-277-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-280-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-282-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-287-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-292-0x0000000001230000-0x000000000123A000-memory.dmp

memory/2396-295-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-301-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2360-302-0x0000000000000000-mapping.dmp

memory/2396-308-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2360-313-0x0000000000BF0000-0x0000000000BF9000-memory.dmp

memory/2396-316-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2360-310-0x0000000000BE0000-0x0000000000BEE000-memory.dmp

memory/2396-318-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-311-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-304-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-297-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-290-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-285-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-322-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-326-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-335-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-337-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-344-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-346-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-351-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-331-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-360-0x0000000001210000-0x0000000001219000-memory.dmp

memory/1724-356-0x0000000000000000-mapping.dmp

memory/2396-369-0x0000000001210000-0x0000000001219000-memory.dmp

memory/1724-368-0x0000000000900000-0x0000000000905000-memory.dmp

memory/2396-374-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-383-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-394-0x0000000001230000-0x000000000123A000-memory.dmp

memory/2396-398-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-393-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-403-0x0000000001210000-0x0000000001219000-memory.dmp

memory/1888-406-0x0000000000000000-mapping.dmp

memory/2396-409-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-418-0x0000000001210000-0x0000000001219000-memory.dmp

memory/1888-417-0x0000000001220000-0x000000000122C000-memory.dmp

memory/1888-423-0x0000000001230000-0x0000000001236000-memory.dmp

memory/2396-428-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-422-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-440-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-445-0x0000000001210000-0x0000000001219000-memory.dmp

memory/3784-454-0x0000000002870000-0x0000000002871000-memory.dmp

memory/3880-459-0x0000000000000000-mapping.dmp

memory/2396-464-0x0000000001210000-0x0000000001219000-memory.dmp

memory/3880-468-0x0000000003100000-0x0000000003109000-memory.dmp

memory/3880-473-0x0000000003110000-0x0000000003114000-memory.dmp

memory/2396-452-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-457-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-435-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-497-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/968-507-0x0000000000000000-mapping.dmp

memory/2396-511-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-413-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-388-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-379-0x0000000001210000-0x0000000001219000-memory.dmp

memory/1724-365-0x00000000008F0000-0x00000000008F9000-memory.dmp

memory/2396-364-0x0000000001210000-0x0000000001219000-memory.dmp

memory/2396-355-0x0000000001210000-0x0000000001219000-memory.dmp

memory/968-518-0x0000000000C10000-0x0000000000C19000-memory.dmp

memory/968-525-0x0000000000C20000-0x0000000000C25000-memory.dmp

memory/2396-532-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-543-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-522-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-554-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-564-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2876-573-0x0000000000410000-0x0000000000437000-memory.dmp

memory/2396-575-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-586-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-597-0x0000000001060000-0x0000000001069000-memory.dmp

memory/2396-613-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/1740-611-0x0000000000000000-mapping.dmp

memory/1740-636-0x0000000000900000-0x0000000000905000-memory.dmp

memory/360-631-0x0000000000000000-mapping.dmp

memory/1504-658-0x0000000000000000-mapping.dmp

memory/1740-627-0x00000000008F0000-0x00000000008F9000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7

memory/2060-605-0x0000000000000000-mapping.dmp

memory/2876-581-0x0000000000440000-0x0000000000462000-memory.dmp

memory/2876-560-0x0000000000000000-mapping.dmp

memory/1504-679-0x0000000000340000-0x0000000000346000-memory.dmp

memory/1504-672-0x0000000000330000-0x000000000033B000-memory.dmp

memory/1108-701-0x0000000000000000-mapping.dmp

memory/1108-716-0x0000000000BB0000-0x0000000000BBD000-memory.dmp

memory/1108-723-0x0000000000BC0000-0x0000000000BC7000-memory.dmp

memory/3804-746-0x0000000000000000-mapping.dmp

memory/3804-767-0x0000000003110000-0x0000000003118000-memory.dmp

memory/3804-760-0x0000000003100000-0x000000000310B000-memory.dmp

memory/3488-860-0x0000000000000000-mapping.dmp

memory/2396-1163-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1168-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1179-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1173-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1184-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1198-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1202-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1190-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1215-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1221-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1210-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1225-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1238-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1232-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1249-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1244-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1255-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1259-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1263-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1268-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1273-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1278-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1283-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1288-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1293-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1298-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1304-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1308-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1312-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1317-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1322-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1331-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1336-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1326-0x0000000001060000-0x0000000001065000-memory.dmp

memory/3488-1343-0x0000000002820000-0x0000000002821000-memory.dmp

memory/2396-1347-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1362-0x0000000001060000-0x0000000001065000-memory.dmp

memory/1348-1368-0x0000000000000000-mapping.dmp

memory/2396-1367-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2060-1361-0x00000000020A0000-0x00000000020DA000-memory.dmp

memory/2396-1373-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1378-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1351-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1356-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1340-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1383-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1388-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1397-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1392-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1407-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1403-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1415-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1410-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1418-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1426-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1423-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1434-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1437-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1441-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1444-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1448-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1430-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1454-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1457-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1452-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1460-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1462-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1465-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1468-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1472-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1473-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1480-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1483-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1485-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1476-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1487-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1488-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1490-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1494-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1495-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1497-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1499-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1492-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1501-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1502-0x0000000001060000-0x0000000001065000-memory.dmp

memory/2396-1505-0x00000000011F0000-0x00000000011F9000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.dat

MD5 d64ede4d21616ebbaaa1a0d54bdb27bb
SHA1 99d8a05093b2dfe3364d0fbbb0c7c3ae124c93ab
SHA256 6f4683241939bb642650ad14769e9a4f2b47f8ec78867df5868424094c58aa2c
SHA512 dd4fe22936e24ff36741388244393b127014f7ce31aa4465df2dd443adeba820d4e5cbd6214d218086a3a8f3b2bf62d7b8bf72b2af138e68e7369387f25b9567

memory/2396-1589-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1671-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1753-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1835-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1917-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-1999-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-2081-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-2245-0x00000000011F0000-0x00000000011F9000-memory.dmp

memory/2396-2326-0x00000000011F0000-0x00000000011F9000-memory.dmp
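The artifact list above is easier to read once it is parsed: the region dumps for PID 2396 collapse to a handful of distinct address ranges, and the dropped files C:\Users\Admin\AppData\Local\Temp\408.exe and C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe carry identical hashes, so the persistence copy is the same payload as the staged dropper. The following Python script is an added example, not part of this report or of the sandbox's own tooling. It assumes the Triage-style naming scheme visible in the entries (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp for a region dump and memory/<pid>-<seq>-0x0000000000000000-mapping.dmp for a process mapping); that scheme is inferred from the listing, not documented on the page. The SAMPLE input is a constructed subset of the entries shown above.

```python
"""Parse Triage-style sandbox artifact names into per-PID memory regions
and a dropped-file table keyed by hash.

Added example; not code from the original report. The naming scheme below
is an assumption inferred from the entries on the page:
  memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp     region dump
  memory/<pid>-<seq>-0x0000000000000000-mapping.dmp   process mapping
A dropped-file entry is a path line followed by "MD5 ..."/"SHA1 ..." lines.
"""
import re
from collections import defaultdict

MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+)-memory|-mapping)\.dmp$"
)
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")

# Constructed subset of the entries listed in this section of the report.
SAMPLE = """\
memory/2396-194-0x0000000001210000-0x000000000121A000-memory.dmp
memory/3784-197-0x0000000000000000-mapping.dmp
C:\\Users\\Admin\\AppData\\Local\\Temp\\408.exe
MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
memory/2396-219-0x0000000001230000-0x000000000123A000-memory.dmp
memory/2396-268-0x0000000001210000-0x0000000001219000-memory.dmp
memory/2396-497-0x00000000011F0000-0x00000000011F9000-memory.dmp
C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Uxagjed\\emukce.exe
MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Uxagjed\\emukce.dat
MD5 d64ede4d21616ebbaaa1a0d54bdb27bb
SHA256 6f4683241939bb642650ad14769e9a4f2b47f8ec78867df5868424094c58aa2c
"""


def parse_artifacts(text):
    """Return (regions, mappings, files).

    regions:  {pid: {(start, end), ...}}  distinct dumped address ranges
    mappings: [pid, ...]                   PIDs that produced a mapping dump
    files:    {path: {hash_name: value}}   dropped files with their hashes
    """
    regions = defaultdict(set)
    mappings = []
    files = {}
    current = None  # path of the dropped-file entry being read
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MEMORY_RE.match(line)
        if m:
            pid = int(m.group("pid"))
            if m.group("end") is None:
                mappings.append(pid)
            else:
                start = int(m.group("start"), 16)
                end = int(m.group("end"), 16)
                regions[pid].add((start, end))
            current = None
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            files[current][h.group(1)] = h.group(2)
            continue
        # Any other line is treated as the path of a dropped file.
        current = line
        files.setdefault(current, {})
    return dict(regions), mappings, files


def same_payload(files, hash_name="SHA256"):
    """Group dropped-file paths that share a hash: copies of one payload."""
    by_hash = defaultdict(list)
    for path, hashes in files.items():
        if hash_name in hashes:
            by_hash[hashes[hash_name]].append(path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def region_summary(regions, pid):
    """Sorted (start, size) pairs for every distinct region dumped from pid."""
    return sorted((s, e - s) for s, e in regions.get(pid, ()))


if __name__ == "__main__":
    regs, maps, drops = parse_artifacts(SAMPLE)
    for start, size in region_summary(regs, 2396):
        print(f"PID 2396 region 0x{start:X} size 0x{size:X}")
    for digest, paths in same_payload(drops).items():
        print(f"{digest[:16]}... written to {len(paths)} paths: {paths}")
```

Running the parser over the full listing rather than the subset gives the same picture at larger scale: PID 2396 is dumped repeatedly but at only a few small regions (0x1210000, 0x1230000 and 0x11F0000, each under 0x10000 bytes), which is what a sequence of injected-code snapshots looks like, and the hash grouping makes the dropper-to-persistence copy visible without reading four hash lines twice.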