Analysis
-
max time kernel
80s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-07-2022 05:42
General
-
Target
3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3.exe
-
Size
469KB
-
MD5
709802f0cfb676e53115189b5cd91cfc
-
SHA1
97027efdd9473b5f431179bc9b7ced86126cc625
-
SHA256
3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
-
SHA512
2e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
Score
10/10
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 49 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 56 IoCs
-
Checks whether UAC is enabled 1 TTPs 32 IoCs
-
Program crash 15 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 59 IoCs
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3.exe"C:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3Srv.exeC:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3Srv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4564 CREDAT:17410 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:17410 /prefetch:25⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1004c6⤵
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=1004c7⤵
- Drops file in System32 directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb7cc646f8,0x7ffb7cc64708,0x7ffb7cc647188⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:28⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:38⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:88⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:18⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,665960709592117292,5891653979376697901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:88⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings8⤵
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x1bc,0x234,0x7ff7217c5460,0x7ff7217c5470,0x7ff7217c54809⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:17412 /prefetch:25⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82950 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82954 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82960 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82966 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82972 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82978 /prefetch:25⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82984 /prefetch:25⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:17426 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:82990 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:83004 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:83010 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:17446 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:83020 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 15086⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 13966⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 15286⤵
- Program crash
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4440 CREDAT:83022 /prefetch:25⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4440 -s 68965⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4440 -s 71765⤵
- Program crash
- Drops file in Program Files directory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4440 -s 71605⤵
- Program crash
-
C:\Windows\TEMP\hrlC1FE.tmpC:\Windows\TEMP\hrlC1FE.tmp2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\TEMP\hrlC1FESrv.exeC:\Windows\TEMP\hrlC1FESrv.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlEEEA.tmpC:\Windows\TEMP\hrlEEEA.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrlEEEASrv.exeC:\Windows\TEMP\hrlEEEASrv.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlFC28.tmpC:\Windows\TEMP\hrlFC28.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrlFC28Srv.exeC:\Windows\TEMP\hrlFC28Srv.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl6F6.tmpC:\Windows\TEMP\hrl6F6.tmp2⤵
-
C:\Windows\TEMP\hrl6F6Srv.exeC:\Windows\TEMP\hrl6F6Srv.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlCD2.tmpC:\Windows\TEMP\hrlCD2.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrlCD2Srv.exeC:\Windows\TEMP\hrlCD2Srv.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl134A.tmpC:\Windows\TEMP\hrl134A.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrl134ASrv.exeC:\Windows\TEMP\hrl134ASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl1965.tmpC:\Windows\TEMP\hrl1965.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrl1965Srv.exeC:\Windows\TEMP\hrl1965Srv.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrl1DF9.tmpC:\Windows\TEMP\hrl1DF9.tmp2⤵
-
C:\Windows\TEMP\hrl1DF9Srv.exeC:\Windows\TEMP\hrl1DF9Srv.exe3⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl22BB.tmpC:\Windows\TEMP\hrl22BB.tmp2⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrl22BBSrv.exeC:\Windows\TEMP\hrl22BBSrv.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl26F2.tmpC:\Windows\TEMP\hrl26F2.tmp2⤵
-
C:\Windows\TEMP\hrl26F2Srv.exeC:\Windows\TEMP\hrl26F2Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl2BF3.tmpC:\Windows\TEMP\hrl2BF3.tmp2⤵
-
C:\Windows\TEMP\hrl2BF3Srv.exeC:\Windows\TEMP\hrl2BF3Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Executes dropped EXE
-
C:\Windows\TEMP\hrl327B.tmpC:\Windows\TEMP\hrl327B.tmp2⤵
-
C:\Windows\TEMP\hrl327BSrv.exeC:\Windows\TEMP\hrl327BSrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrl37BA.tmpC:\Windows\TEMP\hrl37BA.tmp2⤵
-
C:\Windows\TEMP\hrl37BASrv.exeC:\Windows\TEMP\hrl37BASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies data under HKEY_USERS
-
C:\Windows\TEMP\hrl3DD5.tmpC:\Windows\TEMP\hrl3DD5.tmp2⤵
-
C:\Windows\TEMP\hrl3DD5Srv.exeC:\Windows\TEMP\hrl3DD5Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl42B7.tmpC:\Windows\TEMP\hrl42B7.tmp2⤵
-
C:\Windows\TEMP\hrl42B7Srv.exeC:\Windows\TEMP\hrl42B7Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3200 -ip 32001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3200 -ip 32001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3200 -ip 32001⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl474B.tmpC:\Windows\TEMP\hrl474B.tmp2⤵
-
C:\Windows\TEMP\hrl474BSrv.exeC:\Windows\TEMP\hrl474BSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 488 -p 4440 -ip 44401⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl4AB6.tmpC:\Windows\TEMP\hrl4AB6.tmp2⤵
- Checks whether UAC is enabled
-
C:\Windows\TEMP\hrl4AB6Srv.exeC:\Windows\TEMP\hrl4AB6Srv.exe3⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 456 -p 4440 -ip 44401⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 632 -p 4440 -ip 44401⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl50A1.tmpC:\Windows\TEMP\hrl50A1.tmp2⤵
-
C:\Windows\TEMP\hrl50A1Srv.exeC:\Windows\TEMP\hrl50A1Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17410 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17414 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17418 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:82946 /prefetch:26⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17426 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17432 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:82952 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:82960 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17450 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17458 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:82974 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:17468 /prefetch:26⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:148484 /prefetch:26⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1820 -s 61366⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1820 -s 61606⤵
- Program crash
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:17410 /prefetch:24⤵
-
C:\Windows\TEMP\hrl53ED.tmpC:\Windows\TEMP\hrl53ED.tmp2⤵
-
C:\Windows\TEMP\hrl53EDSrv.exeC:\Windows\TEMP\hrl53EDSrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl592D.tmpC:\Windows\TEMP\hrl592D.tmp2⤵
-
C:\Windows\TEMP\hrl592DSrv.exeC:\Windows\TEMP\hrl592DSrv.exe3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl5D53.tmpC:\Windows\TEMP\hrl5D53.tmp2⤵
-
C:\Windows\TEMP\hrl5D53Srv.exeC:\Windows\TEMP\hrl5D53Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl615B.tmpC:\Windows\TEMP\hrl615B.tmp2⤵
-
C:\Windows\TEMP\hrl615BSrv.exeC:\Windows\TEMP\hrl615BSrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrl65FE.tmpC:\Windows\TEMP\hrl65FE.tmp2⤵
-
C:\Windows\TEMP\hrl65FESrv.exeC:\Windows\TEMP\hrl65FESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl6A92.tmpC:\Windows\TEMP\hrl6A92.tmp2⤵
-
C:\Windows\TEMP\hrl6A92Srv.exeC:\Windows\TEMP\hrl6A92Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl6EE7.tmpC:\Windows\TEMP\hrl6EE7.tmp2⤵
-
C:\Windows\TEMP\hrl6EE7Srv.exeC:\Windows\TEMP\hrl6EE7Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Windows\TEMP\hrl73C9.tmpC:\Windows\TEMP\hrl73C9.tmp2⤵
- Checks whether UAC is enabled
-
C:\Windows\TEMP\hrl73C9Srv.exeC:\Windows\TEMP\hrl73C9Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl783E.tmpC:\Windows\TEMP\hrl783E.tmp2⤵
-
C:\Windows\TEMP\hrl783ESrv.exeC:\Windows\TEMP\hrl783ESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl7BF7.tmpC:\Windows\TEMP\hrl7BF7.tmp2⤵
-
C:\Windows\TEMP\hrl7BF7Srv.exeC:\Windows\TEMP\hrl7BF7Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrl7FA1.tmpC:\Windows\TEMP\hrl7FA1.tmp2⤵
-
C:\Windows\TEMP\hrl7FA1Srv.exeC:\Windows\TEMP\hrl7FA1Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl8492.tmpC:\Windows\TEMP\hrl8492.tmp2⤵
-
C:\Windows\TEMP\hrl8492Srv.exeC:\Windows\TEMP\hrl8492Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl88C8.tmpC:\Windows\TEMP\hrl88C8.tmp2⤵
-
C:\Windows\TEMP\hrl88C8Srv.exeC:\Windows\TEMP\hrl88C8Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Drops file in Program Files directory
-
C:\Windows\TEMP\hrl8CDF.tmpC:\Windows\TEMP\hrl8CDF.tmp2⤵
- Drops file in Program Files directory
-
C:\Windows\TEMP\hrl8CDFSrv.exeC:\Windows\TEMP\hrl8CDFSrv.exe3⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl9125.tmpC:\Windows\TEMP\hrl9125.tmp2⤵
-
C:\Windows\TEMP\hrl9125Srv.exeC:\Windows\TEMP\hrl9125Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Windows\TEMP\hrl94EE.tmpC:\Windows\TEMP\hrl94EE.tmp2⤵
-
C:\Windows\TEMP\hrl94EESrv.exeC:\Windows\TEMP\hrl94EESrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 640 -p 1820 -ip 18201⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 416 -p 1820 -ip 18201⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17410 /prefetch:25⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 25886⤵
- Program crash
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17414 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:148482 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:148484 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17424 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:82960 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17438 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:148486 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17452 /prefetch:25⤵
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:82988 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:17470 /prefetch:25⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1660 -s 64205⤵
- Program crash
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:214018 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:279554 /prefetch:25⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:410626 /prefetch:25⤵
-
C:\Windows\TEMP\hrl9991.tmpC:\Windows\TEMP\hrl9991.tmp2⤵
-
C:\Windows\TEMP\hrl9991Srv.exeC:\Windows\TEMP\hrl9991Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl9D79.tmpC:\Windows\TEMP\hrl9D79.tmp2⤵
-
C:\Windows\TEMP\hrl9D79Srv.exeC:\Windows\TEMP\hrl9D79Srv.exe3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl9FFA.tmpC:\Windows\TEMP\hrl9FFA.tmp2⤵
-
C:\Windows\TEMP\hrl9FFASrv.exeC:\Windows\TEMP\hrl9FFASrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlA4FB.tmpC:\Windows\TEMP\hrlA4FB.tmp2⤵
-
C:\Windows\TEMP\hrlA4FBSrv.exeC:\Windows\TEMP\hrlA4FBSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlA99F.tmpC:\Windows\TEMP\hrlA99F.tmp2⤵
-
C:\Windows\TEMP\hrlA99FSrv.exeC:\Windows\TEMP\hrlA99FSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlAE52.tmpC:\Windows\TEMP\hrlAE52.tmp2⤵
-
C:\Windows\TEMP\hrlAE52Srv.exeC:\Windows\TEMP\hrlAE52Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlB23A.tmpC:\Windows\TEMP\hrlB23A.tmp2⤵
-
C:\Windows\TEMP\hrlB23ASrv.exeC:\Windows\TEMP\hrlB23ASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlB6DD.tmpC:\Windows\TEMP\hrlB6DD.tmp2⤵
-
C:\Windows\TEMP\hrlB6DDSrv.exeC:\Windows\TEMP\hrlB6DDSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrlBBCF.tmpC:\Windows\TEMP\hrlBBCF.tmp2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\TEMP\hrlBBCFSrv.exeC:\Windows\TEMP\hrlBBCFSrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlC12E.tmpC:\Windows\TEMP\hrlC12E.tmp2⤵
- Checks whether UAC is enabled
-
C:\Windows\TEMP\hrlC12ESrv.exeC:\Windows\TEMP\hrlC12ESrv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlC506.tmpC:\Windows\TEMP\hrlC506.tmp2⤵
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Windows\TEMP\hrlC506Srv.exeC:\Windows\TEMP\hrlC506Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlC91D.tmpC:\Windows\TEMP\hrlC91D.tmp2⤵
-
C:\Windows\TEMP\hrlC91DSrv.exeC:\Windows\TEMP\hrlC91DSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Windows directory
- Checks processor information in registry
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlCF38.tmpC:\Windows\TEMP\hrlCF38.tmp2⤵
-
C:\Windows\TEMP\hrlCF38Srv.exeC:\Windows\TEMP\hrlCF38Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlD3BC.tmpC:\Windows\TEMP\hrlD3BC.tmp2⤵
-
C:\Windows\TEMP\hrlD3BCSrv.exeC:\Windows\TEMP\hrlD3BCSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlD765.tmpC:\Windows\TEMP\hrlD765.tmp2⤵
-
C:\Windows\TEMP\hrlD765Srv.exeC:\Windows\TEMP\hrlD765Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlDC38.tmpC:\Windows\TEMP\hrlDC38.tmp2⤵
-
C:\Windows\TEMP\hrlDC38Srv.exeC:\Windows\TEMP\hrlDC38Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1952 -ip 19521⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlE1C6.tmpC:\Windows\TEMP\hrlE1C6.tmp2⤵
-
C:\Windows\TEMP\hrlE1C6Srv.exeC:\Windows\TEMP\hrlE1C6Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 492 -p 1660 -ip 16601⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrlE705.tmpC:\Windows\TEMP\hrlE705.tmp2⤵
-
C:\Windows\TEMP\hrlE705Srv.exeC:\Windows\TEMP\hrlE705Srv.exe3⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:176 CREDAT:17410 /prefetch:26⤵
- Modifies data under HKEY_USERS
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Drops file in System32 directory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:17410 /prefetch:24⤵
- Drops file in Windows directory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:17414 /prefetch:24⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 33645⤵
- Program crash
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:17420 /prefetch:24⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:82952 /prefetch:24⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:82960 /prefetch:24⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4684 -s 62564⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4684 -s 62724⤵
- Program crash
-
C:\Windows\TEMP\hrlEA32.tmpC:\Windows\TEMP\hrlEA32.tmp2⤵
-
C:\Windows\TEMP\hrlEA32Srv.exeC:\Windows\TEMP\hrlEA32Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlEFC0.tmpC:\Windows\TEMP\hrlEFC0.tmp2⤵
-
C:\Windows\TEMP\hrlEFC0Srv.exeC:\Windows\TEMP\hrlEFC0Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlF379.tmpC:\Windows\TEMP\hrlF379.tmp2⤵
-
C:\Windows\TEMP\hrlF379Srv.exeC:\Windows\TEMP\hrlF379Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlF713.tmpC:\Windows\TEMP\hrlF713.tmp2⤵
-
C:\Windows\TEMP\hrlF713Srv.exeC:\Windows\TEMP\hrlF713Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\TEMP\hrlFA8D.tmpC:\Windows\TEMP\hrlFA8D.tmp2⤵
-
C:\Windows\TEMP\hrlFA8DSrv.exeC:\Windows\TEMP\hrlFA8DSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlFF41.tmpC:\Windows\TEMP\hrlFF41.tmp2⤵
-
C:\Windows\TEMP\hrlFF41Srv.exeC:\Windows\TEMP\hrlFF41Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl329.tmpC:\Windows\TEMP\hrl329.tmp2⤵
-
C:\Windows\TEMP\hrl329Srv.exeC:\Windows\TEMP\hrl329Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl7AD.tmpC:\Windows\TEMP\hrl7AD.tmp2⤵
-
C:\Windows\TEMP\hrl7ADSrv.exeC:\Windows\TEMP\hrl7ADSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlBF3.tmpC:\Windows\TEMP\hrlBF3.tmp2⤵
-
C:\Windows\TEMP\hrlBF3Srv.exeC:\Windows\TEMP\hrlBF3Srv.exe3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlF9C.tmpC:\Windows\TEMP\hrlF9C.tmp2⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
-
C:\Windows\TEMP\hrlF9CSrv.exeC:\Windows\TEMP\hrlF9CSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl146E.tmpC:\Windows\TEMP\hrl146E.tmp2⤵
-
C:\Windows\TEMP\hrl146ESrv.exeC:\Windows\TEMP\hrl146ESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl1895.tmpC:\Windows\TEMP\hrl1895.tmp2⤵
-
C:\Windows\TEMP\hrl1895Srv.exeC:\Windows\TEMP\hrl1895Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl1CAC.tmpC:\Windows\TEMP\hrl1CAC.tmp2⤵
-
C:\Windows\TEMP\hrl1CACSrv.exeC:\Windows\TEMP\hrl1CACSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl2140.tmpC:\Windows\TEMP\hrl2140.tmp2⤵
-
C:\Windows\TEMP\hrl2140Srv.exeC:\Windows\TEMP\hrl2140Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl2602.tmpC:\Windows\TEMP\hrl2602.tmp2⤵
-
C:\Windows\TEMP\hrl2602Srv.exeC:\Windows\TEMP\hrl2602Srv.exe3⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl2A67.tmpC:\Windows\TEMP\hrl2A67.tmp2⤵
- Drops file in Program Files directory
-
C:\Windows\TEMP\hrl2A67Srv.exeC:\Windows\TEMP\hrl2A67Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl2ECC.tmpC:\Windows\TEMP\hrl2ECC.tmp2⤵
-
C:\Windows\TEMP\hrl2ECCSrv.exeC:\Windows\TEMP\hrl2ECCSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3224 -ip 32241⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 664 -p 4684 -ip 46841⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 384 -p 4684 -ip 46841⤵
- Modifies data under HKEY_USERS
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl368D.tmpC:\Windows\TEMP\hrl368D.tmp2⤵
-
C:\Windows\TEMP\hrl368DSrv.exeC:\Windows\TEMP\hrl368DSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4896 CREDAT:17410 /prefetch:26⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4896 -s 59886⤵
- Program crash
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4240 CREDAT:17410 /prefetch:24⤵
-
C:\Windows\TEMP\hrl3A17.tmpC:\Windows\TEMP\hrl3A17.tmp2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl3A17Srv.exeC:\Windows\TEMP\hrl3A17Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl3EE9.tmpC:\Windows\TEMP\hrl3EE9.tmp2⤵
-
C:\Windows\TEMP\hrl3EE9Srv.exeC:\Windows\TEMP\hrl3EE9Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl432F.tmpC:\Windows\TEMP\hrl432F.tmp2⤵
-
C:\Windows\TEMP\hrl432FSrv.exeC:\Windows\TEMP\hrl432FSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl46B9.tmpC:\Windows\TEMP\hrl46B9.tmp2⤵
-
C:\Windows\TEMP\hrl46B9Srv.exeC:\Windows\TEMP\hrl46B9Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrl4B1E.tmpC:\Windows\TEMP\hrl4B1E.tmp2⤵
-
C:\Windows\TEMP\hrl4B1ESrv.exeC:\Windows\TEMP\hrl4B1ESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl503F.tmpC:\Windows\TEMP\hrl503F.tmp2⤵
-
C:\Windows\TEMP\hrl503FSrv.exeC:\Windows\TEMP\hrl503FSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl53E8.tmpC:\Windows\TEMP\hrl53E8.tmp2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl53E8Srv.exeC:\Windows\TEMP\hrl53E8Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl57FF.tmpC:\Windows\TEMP\hrl57FF.tmp2⤵
-
C:\Windows\TEMP\hrl57FFSrv.exeC:\Windows\TEMP\hrl57FFSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl5BC8.tmpC:\Windows\TEMP\hrl5BC8.tmp2⤵
-
C:\Windows\TEMP\hrl5BC8Srv.exeC:\Windows\TEMP\hrl5BC8Srv.exe3⤵
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl608B.tmpC:\Windows\TEMP\hrl608B.tmp2⤵
-
C:\Windows\TEMP\hrl608BSrv.exeC:\Windows\TEMP\hrl608BSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl64C1.tmpC:\Windows\TEMP\hrl64C1.tmp2⤵
-
C:\Windows\TEMP\hrl64C1Srv.exeC:\Windows\TEMP\hrl64C1Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Drops file in Program Files directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl68D8.tmpC:\Windows\TEMP\hrl68D8.tmp2⤵
-
C:\Windows\TEMP\hrl68D8Srv.exeC:\Windows\TEMP\hrl68D8Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl6D8B.tmpC:\Windows\TEMP\hrl6D8B.tmp2⤵
-
C:\Windows\TEMP\hrl6D8BSrv.exeC:\Windows\TEMP\hrl6D8BSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl71D1.tmpC:\Windows\TEMP\hrl71D1.tmp2⤵
-
C:\Windows\TEMP\hrl71D1Srv.exeC:\Windows\TEMP\hrl71D1Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl7607.tmpC:\Windows\TEMP\hrl7607.tmp2⤵
-
C:\Windows\TEMP\hrl7607Srv.exeC:\Windows\TEMP\hrl7607Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl7AAA.tmpC:\Windows\TEMP\hrl7AAA.tmp2⤵
-
C:\Windows\TEMP\hrl7AAASrv.exeC:\Windows\TEMP\hrl7AAASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 416 -p 4896 -ip 48961⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl7F5D.tmpC:\Windows\TEMP\hrl7F5D.tmp2⤵
-
C:\Windows\TEMP\hrl7F5DSrv.exeC:\Windows\TEMP\hrl7F5DSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl8394.tmpC:\Windows\TEMP\hrl8394.tmp2⤵
-
C:\Windows\TEMP\hrl8394Srv.exeC:\Windows\TEMP\hrl8394Srv.exe3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:17410 /prefetch:25⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies data under HKEY_USERS
-
C:\Windows\TEMP\hrl86D0.tmpC:\Windows\TEMP\hrl86D0.tmp2⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\TEMP\hrl86D0Srv.exeC:\Windows\TEMP\hrl86D0Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:17410 /prefetch:25⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1764 -s 56045⤵
- Program crash
-
C:\Windows\TEMP\hrl8CEA.tmpC:\Windows\TEMP\hrl8CEA.tmp2⤵
-
C:\Windows\TEMP\hrl8CEASrv.exeC:\Windows\TEMP\hrl8CEASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl90D2.tmpC:\Windows\TEMP\hrl90D2.tmp2⤵
- Checks whether UAC is enabled
-
C:\Windows\TEMP\hrl90D2Srv.exeC:\Windows\TEMP\hrl90D2Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Drops file in Program Files directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Drops file in Program Files directory
-
C:\Windows\TEMP\hrl94CA.tmpC:\Windows\TEMP\hrl94CA.tmp2⤵
-
C:\Windows\TEMP\hrl94CASrv.exeC:\Windows\TEMP\hrl94CASrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Loads dropped DLL
- Drops file in Windows directory
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl98F0.tmpC:\Windows\TEMP\hrl98F0.tmp2⤵
-
C:\Windows\TEMP\hrl98F0Srv.exeC:\Windows\TEMP\hrl98F0Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrl9D07.tmpC:\Windows\TEMP\hrl9D07.tmp2⤵
-
C:\Windows\TEMP\hrl9D07Srv.exeC:\Windows\TEMP\hrl9D07Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlA11E.tmpC:\Windows\TEMP\hrlA11E.tmp2⤵
-
C:\Windows\TEMP\hrlA11ESrv.exeC:\Windows\TEMP\hrlA11ESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrlA583.tmpC:\Windows\TEMP\hrlA583.tmp2⤵
-
C:\Windows\TEMP\hrlA583Srv.exeC:\Windows\TEMP\hrlA583Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Drops file in Program Files directory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlAA36.tmpC:\Windows\TEMP\hrlAA36.tmp2⤵
-
C:\Windows\TEMP\hrlAA36Srv.exeC:\Windows\TEMP\hrlAA36Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlAE2E.tmpC:\Windows\TEMP\hrlAE2E.tmp2⤵
-
C:\Windows\TEMP\hrlAE2ESrv.exeC:\Windows\TEMP\hrlAE2ESrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlB2B2.tmpC:\Windows\TEMP\hrlB2B2.tmp2⤵
-
C:\Windows\TEMP\hrlB2B2Srv.exeC:\Windows\TEMP\hrlB2B2Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\TEMP\hrlB65C.tmpC:\Windows\TEMP\hrlB65C.tmp2⤵
-
C:\Windows\TEMP\hrlB65CSrv.exeC:\Windows\TEMP\hrlB65CSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlBAA1.tmpC:\Windows\TEMP\hrlBAA1.tmp2⤵
-
C:\Windows\TEMP\hrlBAA1Srv.exeC:\Windows\TEMP\hrlBAA1Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Checks whether UAC is enabled
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlBF35.tmpC:\Windows\TEMP\hrlBF35.tmp2⤵
-
C:\Windows\TEMP\hrlBF35Srv.exeC:\Windows\TEMP\hrlBF35Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlC3F8.tmpC:\Windows\TEMP\hrlC3F8.tmp2⤵
-
C:\Windows\TEMP\hrlC3F8Srv.exeC:\Windows\TEMP\hrlC3F8Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlC86D.tmpC:\Windows\TEMP\hrlC86D.tmp2⤵
-
C:\Windows\TEMP\hrlC86DSrv.exeC:\Windows\TEMP\hrlC86DSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 632 -p 1764 -ip 17641⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlCDDB.tmpC:\Windows\TEMP\hrlCDDB.tmp2⤵
-
C:\Windows\TEMP\hrlCDDBSrv.exeC:\Windows\TEMP\hrlCDDBSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:17410 /prefetch:26⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5872 CREDAT:17410 /prefetch:24⤵
-
C:\Windows\TEMP\hrlD146.tmpC:\Windows\TEMP\hrlD146.tmp2⤵
-
C:\Windows\TEMP\hrlD146Srv.exeC:\Windows\TEMP\hrlD146Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Checks whether UAC is enabled
- Modifies data under HKEY_USERS
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlD676.tmpC:\Windows\TEMP\hrlD676.tmp2⤵
-
C:\Windows\TEMP\hrlD676Srv.exeC:\Windows\TEMP\hrlD676Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlDA20.tmpC:\Windows\TEMP\hrlDA20.tmp2⤵
-
C:\Windows\TEMP\hrlDA20Srv.exeC:\Windows\TEMP\hrlDA20Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlDE75.tmpC:\Windows\TEMP\hrlDE75.tmp2⤵
-
C:\Windows\TEMP\hrlDE75Srv.exeC:\Windows\TEMP\hrlDE75Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlE2AB.tmpC:\Windows\TEMP\hrlE2AB.tmp2⤵
-
C:\Windows\TEMP\hrlE2ABSrv.exeC:\Windows\TEMP\hrlE2ABSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlE645.tmpC:\Windows\TEMP\hrlE645.tmp2⤵
-
C:\Windows\TEMP\hrlE645Srv.exeC:\Windows\TEMP\hrlE645Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
- Drops file in Program Files directory
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Checks whether UAC is enabled
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlEA4C.tmpC:\Windows\TEMP\hrlEA4C.tmp2⤵
-
C:\Windows\TEMP\hrlEA4CSrv.exeC:\Windows\TEMP\hrlEA4CSrv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlEE25.tmpC:\Windows\TEMP\hrlEE25.tmp2⤵
-
C:\Windows\TEMP\hrlEE25Srv.exeC:\Windows\TEMP\hrlEE25Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
- Checks whether UAC is enabled
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlF2B9.tmpC:\Windows\TEMP\hrlF2B9.tmp2⤵
-
C:\Windows\TEMP\hrlF2B9Srv.exeC:\Windows\TEMP\hrlF2B9Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlF6C0.tmpC:\Windows\TEMP\hrlF6C0.tmp2⤵
-
C:\Windows\TEMP\hrlF6C0Srv.exeC:\Windows\TEMP\hrlF6C0Srv.exe3⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\woyooo.exeC:\Windows\woyooo.exe1⤵
-
C:\Windows\woyoooSrv.exeC:\Windows\woyoooSrv.exe2⤵
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Windows\TEMP\hrlFB15.tmpC:\Windows\TEMP\hrlFB15.tmp2⤵
-
C:\Windows\TEMP\hrlFB15Srv.exeC:\Windows\TEMP\hrlFB15Srv.exe3⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3Srv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Users\Admin\AppData\Local\Temp\3cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3Srv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\SysWOW64\hra8.dllFilesize
482KB
MD5c557b3eb2cfc0f897ef106d909e8fcd1
SHA1edb013dcd2071f87529de64c13eb8cf8c8c9cd94
SHA2561277b91193b0d5271a6030d0a1dcc23de6f497120a6e73549d4996009fa92e58
SHA5128e6d9c3b69d3703763cadaa47147865d801cdbe952f36ebc6b1764bdc4a32267d017fa7eccdd846da8a2496d2e30b4d9487c06a3db4b7bc70f8a874b65c7869d
-
C:\Windows\SysWOW64\hra8.dllFilesize
12KB
MD5de61de242b5500304af17e4661100ea5
SHA1ed6c1fce0696ce100a93f2d3cea83a0475947e4f
SHA2563c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
SHA512b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
-
C:\Windows\SysWOW64\hra8.dllFilesize
12KB
MD5de61de242b5500304af17e4661100ea5
SHA1ed6c1fce0696ce100a93f2d3cea83a0475947e4f
SHA2563c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
SHA512b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
-
C:\Windows\SysWOW64\hra8.dllFilesize
12KB
MD5de61de242b5500304af17e4661100ea5
SHA1ed6c1fce0696ce100a93f2d3cea83a0475947e4f
SHA2563c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
SHA512b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
-
C:\Windows\SysWOW64\hra8.dllFilesize
482KB
MD5c557b3eb2cfc0f897ef106d909e8fcd1
SHA1edb013dcd2071f87529de64c13eb8cf8c8c9cd94
SHA2561277b91193b0d5271a6030d0a1dcc23de6f497120a6e73549d4996009fa92e58
SHA5128e6d9c3b69d3703763cadaa47147865d801cdbe952f36ebc6b1764bdc4a32267d017fa7eccdd846da8a2496d2e30b4d9487c06a3db4b7bc70f8a874b65c7869d
-
C:\Windows\SysWOW64\hra8.dllFilesize
12KB
MD5de61de242b5500304af17e4661100ea5
SHA1ed6c1fce0696ce100a93f2d3cea83a0475947e4f
SHA2563c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
SHA512b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
-
C:\Windows\SysWOW64\hra8.dllFilesize
12KB
MD5de61de242b5500304af17e4661100ea5
SHA1ed6c1fce0696ce100a93f2d3cea83a0475947e4f
SHA2563c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
SHA512b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
-
C:\Windows\SysWOW64\hra864.dllFilesize
128B
MD51bbb616322d34852b7e71e7253c8eaac
SHA1f6a19ac9515b17a7c95aa99fdeff2b8260547d4c
SHA256a2eaf05f2fc8bde09ff96abc7c5d428ecef100bec34896232710210005cab511
SHA512e5ff535839431c216614c4d8e1b5d6bdde3dad58127300444aad9339c5d7215bedf1eccdb924c06c38bdda4e84585f21f8b6288f5cb0c5cf23ee885058c4dba1
-
C:\Windows\SysWOW64\hra864.dllFilesize
128B
MD51bbb616322d34852b7e71e7253c8eaac
SHA1f6a19ac9515b17a7c95aa99fdeff2b8260547d4c
SHA256a2eaf05f2fc8bde09ff96abc7c5d428ecef100bec34896232710210005cab511
SHA512e5ff535839431c216614c4d8e1b5d6bdde3dad58127300444aad9339c5d7215bedf1eccdb924c06c38bdda4e84585f21f8b6288f5cb0c5cf23ee885058c4dba1
-
C:\Windows\SysWOW64\hra864.dllFilesize
128B
MD51bbb616322d34852b7e71e7253c8eaac
SHA1f6a19ac9515b17a7c95aa99fdeff2b8260547d4c
SHA256a2eaf05f2fc8bde09ff96abc7c5d428ecef100bec34896232710210005cab511
SHA512e5ff535839431c216614c4d8e1b5d6bdde3dad58127300444aad9339c5d7215bedf1eccdb924c06c38bdda4e84585f21f8b6288f5cb0c5cf23ee885058c4dba1
-
C:\Windows\TEMP\hrlC1FE.tmpFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\TEMP\hrlC1FESrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\TEMP\hrlEEEA.tmpFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\TEMP\hrlEEEASrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\Temp\hrlC1FE.tmpFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\Temp\hrlC1FESrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\Temp\hrlEEEA.tmpFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\Temp\hrlEEEASrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63Filesize
1KB
MD572d715b2396286b749f3089e313cf5c7
SHA11b691747f3423391a39a0a60f5dee49874d3c986
SHA256d90210974205104013220df68e829fa74e13104807f4a505deb12832bacb3ef0
SHA5127ecea2fee7db17c801ec3c78bd65a46e3a2687eac8826a42a1b978e4daee8906acdc5fbed3a866701896213467f0cc4fb8ab642be5f2a645cdb897d2d60dc995
-
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63Filesize
404B
MD590f35fe1db5460762b8c2e4770dc9e05
SHA16d205fb947b4277d1e0526f1669b76c304d40975
SHA256a0f202767f5bed02bc73133cd1ab70728667f9f2953df7b4428d4439a6ad5879
SHA5123cba99ce0adb80bdaa2d81f7563764d2c355985eb46dbe533b71c4a65d01e09229c6cbe40564630df02769ee62ee189a6a1ee91563153f62a252014f13668fe3
-
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c2b1ebba1b0e0d87b7d7391eec3891bc
SHA10885f089f334518425e683c1d463146077e5f539
SHA256fccdf33996048effe578fc718fb92a18a4e61abc7964630f46c8651dbea40839
SHA512c2b7826e779566e2a2f9ec813e8bcafbed60e2d4bddf420c66a632e665196a7d730e9013993b1e78186095f08db9e9306d8fc9d174bcd1c11e29c3c4291242e9
-
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.datFilesize
20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyooo.exeFilesize
469KB
MD5709802f0cfb676e53115189b5cd91cfc
SHA197027efdd9473b5f431179bc9b7ced86126cc625
SHA2563cabd6b4edbffa940ed1080ab93015ed89a5d1ab228e5008677de63dbd2fbbe3
SHA5122e7fd447ecfdb6bb53dce4e7d560881ecfbe036b5dd2c20414fb76c792653ca40a2b9774cc40ee074d3a4c0a340521bf120a93d174c3c69ce2fb562412ba951e
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Windows\woyoooSrv.exeFilesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
\??\pipe\LOCAL\crashpad_4928_UKFBFUMTTZMILDXUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/732-260-0x0000000000000000-mapping.dmp
-
memory/1032-172-0x0000000000000000-mapping.dmp
-
memory/1032-299-0x0000000000000000-mapping.dmp
-
memory/1076-316-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/1100-298-0x0000000000000000-mapping.dmp
-
memory/1100-170-0x0000000000000000-mapping.dmp
-
memory/1120-169-0x0000000000000000-mapping.dmp
-
memory/1252-311-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1260-214-0x0000000000000000-mapping.dmp
-
memory/1260-220-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1276-218-0x0000000000000000-mapping.dmp
-
memory/1356-204-0x0000000000000000-mapping.dmp
-
memory/1360-147-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/1360-137-0x0000000000000000-mapping.dmp
-
memory/1364-321-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/1572-165-0x0000000000000000-mapping.dmp
-
memory/1644-297-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/1644-286-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/1800-304-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/2084-313-0x0000000000540000-0x000000000054F000-memory.dmpFilesize
60KB
-
memory/2084-314-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2660-145-0x0000000000000000-mapping.dmp
-
memory/2820-158-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/2820-193-0x0000000000000000-mapping.dmp
-
memory/2820-151-0x0000000000000000-mapping.dmp
-
memory/2932-312-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/2940-282-0x0000000000000000-mapping.dmp
-
memory/2940-287-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3136-185-0x0000000000000000-mapping.dmp
-
memory/3172-320-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3172-308-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3492-315-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3492-310-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3696-139-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3696-306-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3696-131-0x0000000000000000-mapping.dmp
-
memory/3704-296-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3704-292-0x0000000000000000-mapping.dmp
-
memory/3720-211-0x0000000000000000-mapping.dmp
-
memory/3720-216-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/3756-189-0x0000000000000000-mapping.dmp
-
memory/3756-192-0x00000000004B0000-0x00000000004BF000-memory.dmpFilesize
60KB
-
memory/3936-272-0x0000000000000000-mapping.dmp
-
memory/3956-163-0x0000000000000000-mapping.dmp
-
memory/3976-154-0x0000000000000000-mapping.dmp
-
memory/3976-160-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3988-201-0x0000000000000000-mapping.dmp
-
memory/4016-294-0x0000000000000000-mapping.dmp
-
memory/4048-175-0x0000000000000000-mapping.dmp
-
memory/4176-157-0x0000000000000000-mapping.dmp
-
memory/4216-199-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4296-183-0x0000000000000000-mapping.dmp
-
memory/4340-289-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/4340-285-0x0000000000000000-mapping.dmp
-
memory/4340-291-0x0000000000470000-0x000000000047F000-memory.dmpFilesize
60KB
-
memory/4368-181-0x0000000000000000-mapping.dmp
-
memory/4472-177-0x0000000000000000-mapping.dmp
-
memory/4492-283-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4740-222-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4740-207-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4864-301-0x0000000000000000-mapping.dmp
-
memory/4864-187-0x0000000000000000-mapping.dmp
-
memory/4864-303-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/4892-300-0x0000000000000000-mapping.dmp
-
memory/4892-302-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4908-309-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/4928-164-0x0000000000000000-mapping.dmp
-
memory/4944-290-0x0000000000000000-mapping.dmp
-
memory/5048-280-0x0000000000000000-mapping.dmp
-
memory/5060-144-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5060-130-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5080-162-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5080-149-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5084-135-0x0000000000000000-mapping.dmp
-
memory/5084-142-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5116-179-0x0000000000000000-mapping.dmp
-
memory/5140-261-0x0000000000470000-0x000000000047F000-memory.dmpFilesize
60KB
-
memory/5140-271-0x0000000000000000-mapping.dmp
-
memory/5140-258-0x0000000000000000-mapping.dmp
-
memory/5164-318-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5164-319-0x0000000000540000-0x000000000054F000-memory.dmpFilesize
60KB
-
memory/5212-305-0x0000000000500000-0x000000000050F000-memory.dmpFilesize
60KB
-
memory/5240-235-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5244-264-0x0000000000000000-mapping.dmp
-
memory/5260-226-0x0000000000000000-mapping.dmp
-
memory/5268-284-0x0000000000000000-mapping.dmp
-
memory/5268-288-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5292-229-0x0000000000000000-mapping.dmp
-
memory/5292-281-0x0000000000000000-mapping.dmp
-
memory/5424-278-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5424-275-0x0000000000000000-mapping.dmp
-
memory/5424-246-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5444-237-0x0000000000000000-mapping.dmp
-
memory/5456-307-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5476-240-0x0000000000000000-mapping.dmp
-
memory/5492-276-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5492-274-0x0000000000000000-mapping.dmp
-
memory/5576-267-0x0000000000000000-mapping.dmp
-
memory/5580-277-0x0000000000000000-mapping.dmp
-
memory/5588-245-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5588-242-0x0000000000000000-mapping.dmp
-
memory/5620-247-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5620-243-0x0000000000000000-mapping.dmp
-
memory/5648-248-0x0000000000470000-0x000000000047F000-memory.dmpFilesize
60KB
-
memory/5648-244-0x0000000000000000-mapping.dmp
-
memory/5648-269-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5648-265-0x0000000000000000-mapping.dmp
-
memory/5700-268-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5700-266-0x0000000000000000-mapping.dmp
-
memory/5852-251-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5852-254-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/5868-249-0x0000000000000000-mapping.dmp
-
memory/5892-250-0x0000000000000000-mapping.dmp
-
memory/5892-295-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/5892-293-0x0000000000000000-mapping.dmp
-
memory/6000-253-0x0000000000000000-mapping.dmp
-
memory/6056-256-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6056-279-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6056-252-0x0000000000000000-mapping.dmp
-
memory/6056-273-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6068-317-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6068-322-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6080-255-0x0000000000000000-mapping.dmp
-
memory/6080-259-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/6112-262-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6112-270-0x0000000000400000-0x0000000000479000-memory.dmpFilesize
484KB
-
memory/6136-263-0x0000000000500000-0x000000000050F000-memory.dmpFilesize
60KB
-
memory/6136-257-0x0000000000000000-mapping.dmp