a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

Analysis

max time kernel
116s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe
Size

223KB
MD5

489a4af4086ff8ed8728d31cbb273059
SHA1

50b47aef62a6061e4d102ad74ee762827547f226
SHA256

a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9
SHA512

5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23
SSDEEP

6144:Q2mXKKilL4IBuEq7h+85MrsFy0WoPlcFP:Q2QKKAL/w7g85M4/vl2P

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4872	ulcdsrv.exe
1340	ulcdsrv.exe
2296	ulcdsrv.exe
1776	ulcdsrv.exe
1828	ulcdsrv.exe
204	ulcdsrv.exe
2204	ulcdsrv.exe
4644	ulcdsrv.exe
1252	ulcdsrv.exe
2336	ulcdsrv.exe
440	ulcdsrv.exe
4308	ulcdsrv.exe
2032	ulcdsrv.exe
4424	ulcdsrv.exe
4840	ulcdsrv.exe
1968	ulcdsrv.exe
2036	ulcdsrv.exe
4716	ulcdsrv.exe
3284	ulcdsrv.exe
4168	ulcdsrv.exe
1860	ulcdsrv.exe
2056	ulcdsrv.exe
3000	ulcdsrv.exe
3592	ulcdsrv.exe
3140	ulcdsrv.exe
4920	ulcdsrv.exe
2596	ulcdsrv.exe
4576	ulcdsrv.exe
3500	ulcdsrv.exe
3268	ulcdsrv.exe
4864	ulcdsrv.exe
860	ulcdsrv.exe
4436	ulcdsrv.exe
2000	ulcdsrv.exe
3744	ulcdsrv.exe
3156	ulcdsrv.exe
220	ulcdsrv.exe
2980	ulcdsrv.exe
4644	ulcdsrv.exe
1252	ulcdsrv.exe
988	ulcdsrv.exe
4400	ulcdsrv.exe
2008	ulcdsrv.exe
772	ulcdsrv.exe
4972	ulcdsrv.exe
3204	ulcdsrv.exe
2964	ulcdsrv.exe
3536	ulcdsrv.exe
3284	ulcdsrv.exe
4168	ulcdsrv.exe
4036	ulcdsrv.exe
1964	ulcdsrv.exe
2616	ulcdsrv.exe
776	ulcdsrv.exe
396	ulcdsrv.exe
3548	ulcdsrv.exe
3216	ulcdsrv.exe
1400	ulcdsrv.exe
1824	ulcdsrv.exe
1060	ulcdsrv.exe
1864	ulcdsrv.exe
3184	ulcdsrv.exe
224	ulcdsrv.exe
2468	ulcdsrv.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	ulcdsrv.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe
File created	C:\Windows\SysWOW64\ulcdsrv.exe	ulcdsrv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4084	2412	WerFault.exe	345

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe
1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe
4872	ulcdsrv.exe
4872	ulcdsrv.exe
1340	ulcdsrv.exe
1340	ulcdsrv.exe
2296	ulcdsrv.exe
2296	ulcdsrv.exe
1776	ulcdsrv.exe
1776	ulcdsrv.exe
1828	ulcdsrv.exe
1828	ulcdsrv.exe
204	ulcdsrv.exe
204	ulcdsrv.exe
2204	ulcdsrv.exe
2204	ulcdsrv.exe
4644	ulcdsrv.exe
4644	ulcdsrv.exe
1252	ulcdsrv.exe
1252	ulcdsrv.exe
2336	ulcdsrv.exe
2336	ulcdsrv.exe
440	ulcdsrv.exe
440	ulcdsrv.exe
4308	ulcdsrv.exe
4308	ulcdsrv.exe
2032	ulcdsrv.exe
2032	ulcdsrv.exe
4424	ulcdsrv.exe
4424	ulcdsrv.exe
4840	ulcdsrv.exe
4840	ulcdsrv.exe
1968	ulcdsrv.exe
1968	ulcdsrv.exe
2036	ulcdsrv.exe
2036	ulcdsrv.exe
4716	ulcdsrv.exe
4716	ulcdsrv.exe
3284	ulcdsrv.exe
3284	ulcdsrv.exe
4168	ulcdsrv.exe
4168	ulcdsrv.exe
1860	ulcdsrv.exe
1860	ulcdsrv.exe
2056	ulcdsrv.exe
2056	ulcdsrv.exe
3000	ulcdsrv.exe
3000	ulcdsrv.exe
3592	ulcdsrv.exe
3592	ulcdsrv.exe
3140	ulcdsrv.exe
3140	ulcdsrv.exe
4920	ulcdsrv.exe
4920	ulcdsrv.exe
2596	ulcdsrv.exe
2596	ulcdsrv.exe
4576	ulcdsrv.exe
4576	ulcdsrv.exe
3500	ulcdsrv.exe
3500	ulcdsrv.exe
3268	ulcdsrv.exe
3268	ulcdsrv.exe
4864	ulcdsrv.exe
4864	ulcdsrv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 4872	1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe	79
PID 1824 wrote to memory of 4872	1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe	79
PID 1824 wrote to memory of 4872	1824	a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe	79
PID 4872 wrote to memory of 1340	4872	ulcdsrv.exe	80
PID 4872 wrote to memory of 1340	4872	ulcdsrv.exe	80
PID 4872 wrote to memory of 1340	4872	ulcdsrv.exe	80
PID 1340 wrote to memory of 2296	1340	ulcdsrv.exe	81
PID 1340 wrote to memory of 2296	1340	ulcdsrv.exe	81
PID 1340 wrote to memory of 2296	1340	ulcdsrv.exe	81
PID 2296 wrote to memory of 1776	2296	ulcdsrv.exe	82
PID 2296 wrote to memory of 1776	2296	ulcdsrv.exe	82
PID 2296 wrote to memory of 1776	2296	ulcdsrv.exe	82
PID 1776 wrote to memory of 1828	1776	ulcdsrv.exe	83
PID 1776 wrote to memory of 1828	1776	ulcdsrv.exe	83
PID 1776 wrote to memory of 1828	1776	ulcdsrv.exe	83
PID 1828 wrote to memory of 204	1828	ulcdsrv.exe	84
PID 1828 wrote to memory of 204	1828	ulcdsrv.exe	84
PID 1828 wrote to memory of 204	1828	ulcdsrv.exe	84
PID 204 wrote to memory of 2204	204	ulcdsrv.exe	85
PID 204 wrote to memory of 2204	204	ulcdsrv.exe	85
PID 204 wrote to memory of 2204	204	ulcdsrv.exe	85
PID 2204 wrote to memory of 4644	2204	ulcdsrv.exe	86
PID 2204 wrote to memory of 4644	2204	ulcdsrv.exe	86
PID 2204 wrote to memory of 4644	2204	ulcdsrv.exe	86
PID 4644 wrote to memory of 1252	4644	ulcdsrv.exe	87
PID 4644 wrote to memory of 1252	4644	ulcdsrv.exe	87
PID 4644 wrote to memory of 1252	4644	ulcdsrv.exe	87
PID 1252 wrote to memory of 2336	1252	ulcdsrv.exe	88
PID 1252 wrote to memory of 2336	1252	ulcdsrv.exe	88
PID 1252 wrote to memory of 2336	1252	ulcdsrv.exe	88
PID 2336 wrote to memory of 440	2336	ulcdsrv.exe	89
PID 2336 wrote to memory of 440	2336	ulcdsrv.exe	89
PID 2336 wrote to memory of 440	2336	ulcdsrv.exe	89
PID 440 wrote to memory of 4308	440	ulcdsrv.exe	90
PID 440 wrote to memory of 4308	440	ulcdsrv.exe	90
PID 440 wrote to memory of 4308	440	ulcdsrv.exe	90
PID 4308 wrote to memory of 2032	4308	ulcdsrv.exe	92
PID 4308 wrote to memory of 2032	4308	ulcdsrv.exe	92
PID 4308 wrote to memory of 2032	4308	ulcdsrv.exe	92
PID 2032 wrote to memory of 4424	2032	ulcdsrv.exe	93
PID 2032 wrote to memory of 4424	2032	ulcdsrv.exe	93
PID 2032 wrote to memory of 4424	2032	ulcdsrv.exe	93
PID 4424 wrote to memory of 4840	4424	ulcdsrv.exe	94
PID 4424 wrote to memory of 4840	4424	ulcdsrv.exe	94
PID 4424 wrote to memory of 4840	4424	ulcdsrv.exe	94
PID 4840 wrote to memory of 1968	4840	ulcdsrv.exe	95
PID 4840 wrote to memory of 1968	4840	ulcdsrv.exe	95
PID 4840 wrote to memory of 1968	4840	ulcdsrv.exe	95
PID 1968 wrote to memory of 2036	1968	ulcdsrv.exe	96
PID 1968 wrote to memory of 2036	1968	ulcdsrv.exe	96
PID 1968 wrote to memory of 2036	1968	ulcdsrv.exe	96
PID 2036 wrote to memory of 4716	2036	ulcdsrv.exe	97
PID 2036 wrote to memory of 4716	2036	ulcdsrv.exe	97
PID 2036 wrote to memory of 4716	2036	ulcdsrv.exe	97
PID 4716 wrote to memory of 3284	4716	ulcdsrv.exe	98
PID 4716 wrote to memory of 3284	4716	ulcdsrv.exe	98
PID 4716 wrote to memory of 3284	4716	ulcdsrv.exe	98
PID 3284 wrote to memory of 4168	3284	ulcdsrv.exe	99
PID 3284 wrote to memory of 4168	3284	ulcdsrv.exe	99
PID 3284 wrote to memory of 4168	3284	ulcdsrv.exe	99
PID 4168 wrote to memory of 1860	4168	ulcdsrv.exe	100
PID 4168 wrote to memory of 1860	4168	ulcdsrv.exe	100
PID 4168 wrote to memory of 1860	4168	ulcdsrv.exe	100
PID 1860 wrote to memory of 2056	1860	ulcdsrv.exe	101

C:\Users\Admin\AppData\Local\Temp\a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe
"C:\Users\Admin\AppData\Local\Temp\a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\ulcdsrv.exe
  "C:\Windows\system32\ulcdsrv.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4872
- - C:\Windows\SysWOW64\ulcdsrv.exe
    "C:\Windows\system32\ulcdsrv.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1340
  - - C:\Windows\SysWOW64\ulcdsrv.exe
      "C:\Windows\system32\ulcdsrv.exe"
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2296
    - - C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1776
      - C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:204
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2204
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4644
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        10⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1252
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2336
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:440
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        13⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4308
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2032
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4424
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        16⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4840
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1968
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2036
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4716
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3284
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4168
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1860
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        23⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        25⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of SetWindowsHookEx
        
        PID:3592
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3140
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        30⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:3500
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4864
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        33⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:860
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        34⤵
        Executes dropped EXE
        
        PID:4436
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        35⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2000
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        36⤵
        Executes dropped EXE
        
        PID:3744
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        37⤵
        Executes dropped EXE
        
        PID:3156
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        38⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:220
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        39⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2980
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        40⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4644
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        41⤵
        Executes dropped EXE
        
        PID:1252
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        42⤵
        Executes dropped EXE
        
        PID:988
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4400
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        44⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2008
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        45⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4972
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        47⤵
        Executes dropped EXE
        
        PID:3204
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        48⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        49⤵
        Executes dropped EXE
        
        PID:3536
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        50⤵
        Executes dropped EXE
        
        PID:3284
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        51⤵
        Executes dropped EXE
        
        PID:4168
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        52⤵
        Executes dropped EXE
        
        PID:4036
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        53⤵
        Executes dropped EXE
        
        PID:1964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2616
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        55⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:396
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        57⤵
        Executes dropped EXE
        
        PID:3548
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        58⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:3216
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        59⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:1400
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        60⤵
        Executes dropped EXE
        
        PID:1824
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        61⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1060
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1864
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        63⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:3184
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        64⤵
        Executes dropped EXE
        
        PID:224
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        65⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        66⤵
        Checks computer location settings
        
        PID:2268
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        67⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        68⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        69⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        70⤵
        Drops file in System32 directory
        
        PID:2336
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        71⤵
        Drops file in System32 directory
        
        PID:440
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        72⤵
        Checks computer location settings
        
        PID:3580
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        73⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        74⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        75⤵
        Checks computer location settings
        
        PID:4840
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        76⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        77⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        78⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        79⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        80⤵
        Drops file in System32 directory
        
        PID:3392
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        81⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        82⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        83⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4036
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        84⤵
        Drops file in System32 directory
        
        PID:2972
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        85⤵
        Checks computer location settings
        
        PID:4916
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        86⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        87⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        88⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        89⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        90⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        91⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        92⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        93⤵
        Checks computer location settings
        
        PID:2676
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        94⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        95⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        96⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4900
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        97⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        98⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        99⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        100⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3708
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        101⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        102⤵
        Checks computer location settings
        
        PID:1176
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        103⤵
        
        PID:812
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        104⤵
        Drops file in System32 directory
        
        PID:2980
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        105⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        106⤵
        Drops file in System32 directory
        
        PID:1292
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        107⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        108⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        109⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        110⤵
        Checks computer location settings
        
        PID:3108
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        111⤵
        Checks computer location settings
        
        PID:2192
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        112⤵
        Drops file in System32 directory
        
        PID:5092
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        113⤵
        Checks computer location settings
        
        PID:2832
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        114⤵
        Drops file in System32 directory
        
        PID:3544
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        115⤵
        Checks computer location settings
        
        PID:2508
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        116⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        117⤵
        Drops file in System32 directory
        
        PID:3284
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        118⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        119⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        120⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4952
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        121⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        122⤵
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        123⤵
        Checks computer location settings
        
        PID:1364
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        124⤵
        Drops file in System32 directory
        
        PID:400
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        125⤵
        Checks computer location settings
        
        PID:4468
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        126⤵
        Drops file in System32 directory
        
        PID:4076
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        127⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3548
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        128⤵
        Drops file in System32 directory
        
        PID:4524
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        129⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        130⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        131⤵
        Checks computer location settings
        
        PID:4144
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        132⤵
        Checks computer location settings
        
        PID:4720
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        133⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        134⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        135⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        136⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        137⤵
        
        PID:224
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        138⤵
        Checks computer location settings
        
        PID:3708
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        139⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        140⤵
        Drops file in System32 directory
        
        PID:3912
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        141⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        142⤵
        Drops file in System32 directory
        
        PID:4628
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        143⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        144⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4816
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        145⤵
        Checks computer location settings
        
        PID:940
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        146⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        147⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        148⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4232
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        149⤵
        Drops file in System32 directory
        
        PID:4424
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        150⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        151⤵
        Drops file in System32 directory
        
        PID:4420
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        152⤵
        Checks computer location settings
        
        PID:3612
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        153⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        154⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        155⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        156⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        157⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        158⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        159⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        160⤵
        Drops file in System32 directory
        
        PID:2108
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        161⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        162⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        163⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        164⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        165⤵
        Drops file in System32 directory
        
        PID:2868
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        166⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        167⤵
        Checks computer location settings
        
        PID:520
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        168⤵
        
        PID:368
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        169⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        170⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        171⤵
        Checks computer location settings
        
        PID:1340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        172⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        173⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        174⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        175⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        176⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        177⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        178⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1716
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        179⤵
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        180⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        181⤵
        
        PID:988
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        182⤵
        Drops file in System32 directory
        
        PID:384
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        183⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        184⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        185⤵
        Drops file in System32 directory
        
        PID:4940
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        186⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        187⤵
        Checks computer location settings
        
        PID:3772
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        188⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        189⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        190⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        191⤵
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        192⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        193⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        194⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        195⤵
        Drops file in System32 directory
        
        PID:3068
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        196⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        197⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        198⤵
        Drops file in System32 directory
        
        PID:2108
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        199⤵
        
        PID:484
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        200⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        201⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        202⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        203⤵
        Checks computer location settings
        
        PID:3224
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        204⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        205⤵
        Checks computer location settings
        
        PID:2676
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        206⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        207⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        208⤵
        Checks computer location settings
        
        PID:4900
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        209⤵
        Drops file in System32 directory
        
        PID:2340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        210⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        211⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        212⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        213⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        214⤵
        Drops file in System32 directory
        
        PID:3156
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        215⤵
        Checks computer location settings
        
        PID:1556
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        216⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        217⤵
        Drops file in System32 directory
        
        PID:4856
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        218⤵
        Checks computer location settings
        
        PID:3340
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        219⤵
        Drops file in System32 directory
        
        PID:5028
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        220⤵
        Checks computer location settings
        
        PID:940
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        221⤵
        Drops file in System32 directory
        
        PID:4348
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        222⤵
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        223⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        224⤵
        Drops file in System32 directory
        
        PID:2404
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        225⤵
        Checks computer location settings
        
        PID:2964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        226⤵
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        227⤵
        Checks computer location settings
        
        PID:3960
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        228⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        229⤵
        Checks computer location settings
        
        PID:3964
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        230⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        231⤵
        Drops file in System32 directory
        
        PID:3864
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        232⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        233⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        234⤵
        Drops file in System32 directory
        
        PID:3592
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        235⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        236⤵
        
        PID:396
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        237⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        238⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        239⤵
        Checks computer location settings
        
        PID:2772
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        240⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        241⤵
        Drops file in System32 directory
        
        PID:3480
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        242⤵
        Drops file in System32 directory
        
        PID:3224
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        243⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        244⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        245⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        246⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        247⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        248⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4620
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        249⤵
        Drops file in System32 directory
        
        PID:1564
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        250⤵
        Checks computer location settings
        
        PID:2140
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        251⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        252⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        253⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        254⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        255⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        256⤵
        Checks computer location settings
        
        PID:3672
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        257⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3692
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        258⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1056
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        259⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        260⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\ulcdsrv.exe
        
        "C:\Windows\system32\ulcdsrv.exe"
        261⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 416
        262⤵
        Program crash
        
        PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 2412 -ip 2412
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit
C:\Windows\SysWOW64\ulcdsrv.exe

Filesize
223KB

MD5
489a4af4086ff8ed8728d31cbb273059

SHA1
50b47aef62a6061e4d102ad74ee762827547f226

SHA256
a2ec329d801922c92401f079f3ffcee7b61c895703145fc2c92f8edeeb850ef9

SHA512
5daccad9addb8e0839992443dfbda7654e67075ddde834630c6c8d65d3699fbb8429d1d917944fb71a52ca6e545120f98de62a90fab6fb6d095db987b2815b23

Download Submit