Analysis
max time kernel: 91s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-01-2023 18:59
Static task: static1
Behavioral task: behavioral1
Sample: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Resource: win10v2004-20220812-en
9 signatures
150 seconds
General
Target: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Size: 510KB
MD5: ff0ac8d6c0a5990dd442f677315e6c4b
SHA1: 4358324f102afd639d6b1ec92521b37f31ca5d1c
SHA256: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285
SHA512: 47b93db0d6f90bd4805508663353472709fe53d5397834eadd5ee2feb4a2c2d59f57cf929ac8039f4ea07a2303d880f98806f4d7aade7cee700ff48f3ecf91ae
SSDEEP: 12288:ytFk7iHlOP8nFr/AuvlNn7N9Opxb6VelFxgcdM:EHlTn5Bv2begS
Score: 10/10
Malware Config
Signatures
Detects LgoogLoader payload (1 IoCs)
resource: behavioral1/memory/5116-140-0x0000000002A90000-0x0000000002A9D000-memory.dmp
yara_rule: family_lgoogloader
LgoogLoader
A downloader capable of dropping and executing other malware families.
Sets service image path in registry (2 TTPs, 1 IoCs)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\TaskKill\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\Иисус.sys"
Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Uses the VBS compiler for execution (1 TTPs)
Suspicious use of SetThreadContext (1 IoCs)
description: PID 4084 set thread context of 5116
pid: 4084
Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
procid_target: 106
Suspicious behavior: EnumeratesProcesses 52 IoCs
pid: 4084, Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Suspicious behavior: LoadsDriver (1 IoCs)
pid: 4084, Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs)
description: Token: SeDebugPrivilege, pid: 4084, Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
description: Token: SeLoadDriverPrivilege, pid: 4084, Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
description: Token: SeDebugPrivilege, pid: 4084, Process: eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe
Suspicious use of WriteProcessMemory 63 IoCs
Processes
"C:\Users\Admin\AppData\Local\Temp\eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285.exe" (PID: 4084)
- Sets service image path in registry
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe" (PID: 3976)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" (PID: 2624)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe" (PID: 3316)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe" (PID: 3132)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" (PID: 4620)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe" (PID: 4652)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" (PID: 5000)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" (PID: 4964)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" (PID: 4948)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe" (PID: 628)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe" (PID: 4884)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe" (PID: 4844)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe" (PID: 4860)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" (PID: 4828)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe" (PID: 4928)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" (PID: 4908)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" (PID: 4936)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe" (PID: 4824)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" (PID: 1412)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" (PID: 4564)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" (PID: 3352)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe" (PID: 4808)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe" (PID: 960)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" (PID: 4296)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe" (PID: 4236)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe" (PID: 5020)
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe" (PID: 5116)