Analysis Overview
SHA256
8edc4c2dd797397d883e6f73866939f182dde407b270ae7655b17bf55dfb0902
Threat Level: Known bad
The file sample-324887-0a7ab9da9997bf3f75ec4549a9b9daf0.zip was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Qakbot/Qbot
Executes dropped EXE
Loads dropped DLL
Deletes itself
Reads user/profile data of web browsers
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2020-12-05 03:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2020-12-05 03:08
Reported
2020-12-05 03:11
Platform
win7v20201028
Max time kernel
151s
Max time network
126s
Command Line
Signatures
SmokeLoader
Deletes itself
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
Reads user/profile data of web browsers
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1268 wrote to memory of 2016 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1472 | N/A | N/A | C:\Windows\explorer.exe |
| PID 1268 wrote to memory of 600 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1276 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1536 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1600 | N/A | N/A | C:\Windows\explorer.exe |
| PID 1268 wrote to memory of 2012 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1232 | N/A | N/A | C:\Windows\explorer.exe |
| PID 1268 wrote to memory of 1324 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1844 | N/A | N/A | C:\Windows\explorer.exe |
| PID 1268 wrote to memory of 996 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 816 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1160 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
| PID 1268 wrote to memory of 1416 | N/A | N/A | C:\Windows\explorer.exe |
| PID 1268 wrote to memory of 1032 | N/A | N/A | C:\Windows\SysWOW64\explorer.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe
"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | cent.live | udp |
| N/A | 185.99.133.204:80 | cent.live | tcp |
| N/A | 8.8.8.8:53 | duwayainvestment.com | udp |
| N/A | 108.167.140.194:443 | duwayainvestment.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\554B.tmp
| MD5 | d124f55b9393c976963407dff51ffa79 |
| SHA1 | 2c7bbedd79791bfb866898c85b504186db610b5d |
| SHA256 | ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef |
| SHA512 | 278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06 |
Analysis: behavioral2
Detonation Overview
Submitted
2020-12-05 03:08
Reported
2020-12-05 03:11
Platform
win10v20201028
Max time kernel
150s
Max time network
110s
Command Line
Signatures
Qakbot/Qbot
SmokeLoader
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
Deletes itself
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
Reads user/profile data of web browsers
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\408.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe
"C:\Users\Admin\AppData\Local\Temp\Vuu0hnOqjF.exe"
C:\Users\Admin\AppData\Local\Temp\408.exe
C:\Users\Admin\AppData\Local\Temp\408.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Local\Temp\408.exe
C:\Users\Admin\AppData\Local\Temp\408.exe /C
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn bqobvoti /tr "\"C:\Users\Admin\AppData\Local\Temp\408.exe\" /I bqobvoti" /SC ONCE /Z /ST 03:08 /ET 03:20
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe /C
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | cent.live | udp |
| N/A | 185.99.133.204:80 | cent.live | tcp |
| N/A | 8.8.8.8:53 | duwayainvestment.com | udp |
| N/A | 108.167.140.194:443 | duwayainvestment.com | tcp |
| N/A | 185.99.133.204:80 | cent.live | tcp |
Files
\Users\Admin\AppData\Local\Temp\554B.tmp
| MD5 | 50741b3f2d7debf5d2bed63d88404029 |
| SHA1 | 56210388a627b926162b36967045be06ffb1aad3 |
| SHA256 | f2f8732ae464738372ff274b7e481366cecdd2337210d4a3cbcd089c958a730c |
| SHA512 | fac6bfe35b1ee08b3d42d330516a260d9cdb4a90bbb0491411a583029b92a59d20af3552372ea8fb3f59442b3945bf524ef284127f397ae7179467080be8e9b3 |
C:\Users\Admin\AppData\Local\Temp\408.exe
| MD5 | ba98119e8d3b219a5ff1d3984a5f1bd0 |
| SHA1 | 1de245ea6d17394a769da39711d8cde6eea88b4c |
| SHA256 | c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5 |
| SHA512 | 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.exe
| MD5 | ba98119e8d3b219a5ff1d3984a5f1bd0 |
| SHA1 | 1de245ea6d17394a769da39711d8cde6eea88b4c |
| SHA256 | c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5 |
| SHA512 | 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Uxagjed\emukce.dat
| MD5 | d64ede4d21616ebbaaa1a0d54bdb27bb |
| SHA1 | 99d8a05093b2dfe3364d0fbbb0c7c3ae124c93ab |
| SHA256 | 6f4683241939bb642650ad14769e9a4f2b47f8ec78867df5868424094c58aa2c |
| SHA512 | dd4fe22936e24ff36741388244393b127014f7ce31aa4465df2dd443adeba820d4e5cbd6214d218086a3a8f3b2bf62d7b8bf72b2af138e68e7369387f25b9567 |