fe38970e0a1ec8a3445ba5896c4918ea854fa8f2ebd4a9532e8dfd403b8b8baa

Analysis

max time kernel
149s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38d3831bfcdfdc36f9b383b79670a1cc.exe
Size

28KB
MD5

38d3831bfcdfdc36f9b383b79670a1cc
SHA1

a13e307d8f522ec12581dd3595369f1719d989db
SHA256

fe38970e0a1ec8a3445ba5896c4918ea854fa8f2ebd4a9532e8dfd403b8b8baa
SHA512

37f0bf22daab3d114d67bfb5677864807e625b3603341636e345719107ec59321b3bc48d0d04e568423b1f4b630bbaede2cd56ce7bba123d23aa483bfabb8865
SSDEEP

768:WwggeLLSw31gydVoPEOVO64TKaNYXg1Z9E:WlLSwlldVoDj4TDNY2I

Score

8^/10

evasion upx

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-0-0x0000000000400000-0x0000000000436000-memory.dmp	upx
behavioral1/files/0x00060000000167e6-6.dat	upx
behavioral1/memory/3064-937-0x0000000000400000-0x0000000000436000-memory.dmp	upx
behavioral1/memory/3064-3381-0x0000000000400000-0x0000000000436000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\R$244-57096-322812-19032-976-595848\244-57096-322812-19032-976-595848.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$310-72540-410130-24180-1240-757020\310-72540-410130-24180-1240-757020.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$337-78858-445851-26286-1348-822954\337-78858-445851-26286-1348-822954337-78858-445851-26286-1348-822954.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$370-86580-489510-28860-1480-903540.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$375-87750-496125-29250-1500-915750\375-87750-496125-29250-1500-915750.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$402-94068-531846-31356-1608-981684.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$151-35334-199773-11778-604-368742\151-35334-199773-11778-604-368742.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$163-38142-215649-12714-652-398046\163-38142-215649-12714-652-398046.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$466-109044-616518-36348-1864-1137972\466-109044-616518-36348-1864-1137972466-109044-616518-36348-1864-1137972.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$145-33930-191835-11310-580-354090\145-33930-191835-11310-580-354090.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$422-98748-558306-32916-1688-1030524\422-98748-558306-32916-1688-1030524422-98748-558306-32916-1688-1030524.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$466-109044-616518-36348-1864-1137972\466-109044-616518-36348-1864-1137972.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$251-58734-332073-19578-1004-612942.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$363-84942-480249-28314-1452-886446\363-84942-480249-28314-1452-886446363-84942-480249-28314-1452-886446.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$254-59436-336042-19812-1016-620268.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$285-66690-377055-22230-1140-695970.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$19-4446-25137-1482-76-46398\19-4446-25137-1482-76-46398.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$128-29952-169344-9984-512-312576\128-29952-169344-9984-512-312576128-29952-169344-9984-512-312576.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$288-67392-381024-22464-1152-703296.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$468-109512-619164-36504-1872-1142856.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$474-110916-627102-36972-1896-1157508\474-110916-627102-36972-1896-1157508.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$48-11232-63504-3744-192-117216.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$230-53820-304290-17940-920-561660\230-53820-304290-17940-920-561660230-53820-304290-17940-920-561660.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$114-26676-150822-8892-456-278388\114-26676-150822-8892-456-278388114-26676-150822-8892-456-278388.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$115-26910-152145-8970-460-280830\115-26910-152145-8970-460-280830.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$186-43524-246078-14508-744-454212.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$44-10296-58212-3432-176-107448\44-10296-58212-3432-176-10744844-10296-58212-3432-176-107448.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$62-14508-82026-4836-248-151404\62-14508-82026-4836-248-15140462-14508-82026-4836-248-151404.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$431-100854-570213-33618-1724-1052502\431-100854-570213-33618-1724-1052502.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$459-107406-607257-35802-1836-1120878\459-107406-607257-35802-1836-1120878459-107406-607257-35802-1836-1120878.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$529-123786-699867-41262-2116-1291818\529-123786-699867-41262-2116-1291818529-123786-699867-41262-2116-1291818.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$280-65520-370440-21840-1120-683760.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$389-91026-514647-30342-1556-949938.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$230-53820-304290-17940-920-561660.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$278-65052-367794-21684-1112-678876\278-65052-367794-21684-1112-678876.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$291-68094-384993-22698-1164-710622\291-68094-384993-22698-1164-710622291-68094-384993-22698-1164-710622.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$505-118170-668115-39390-2020-1233210\505-118170-668115-39390-2020-1233210505-118170-668115-39390-2020-1233210.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$536-125424-709128-41808-2144-1308912\536-125424-709128-41808-2144-1308912536-125424-709128-41808-2144-1308912.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$136-31824-179928-10608-544-332112.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$166-38844-219618-12948-664-405372\166-38844-219618-12948-664-405372.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$438-102492-579474-34164-1752-1069596.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$229-53586-302967-17862-916-559218.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$306-71604-404838-23868-1224-747252\306-71604-404838-23868-1224-747252.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$440-102960-582120-34320-1760-1074480.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$174-40716-230202-13572-696-424908.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$385-90090-509355-30030-1540-940170\385-90090-509355-30030-1540-940170385-90090-509355-30030-1540-940170.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$458-107172-605934-35724-1832-1118436.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$112-26208-148176-8736-448-273504.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$356-83304-470988-27768-1424-869352\356-83304-470988-27768-1424-869352.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$88-20592-116424-6864-352-214896.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$103-24102-136269-8034-412-251526.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$211-49374-279153-16458-844-515262.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$327-76518-432621-25506-1308-798534\327-76518-432621-25506-1308-798534327-76518-432621-25506-1308-798534.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$496-116064-656208-38688-1984-1211232.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$5-1170-6615-390-20-12210\5-1170-6615-390-20-12210.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$78-18252-103194-6084-312-190476\78-18252-103194-6084-312-190476.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$498-116532-658854-38844-1992-1216116.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$125-29250-165375-9750-500-305250\125-29250-165375-9750-500-305250.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\SysWOW64\R$218-51012-288414-17004-872-532356.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$219-51246-289737-17082-876-534798\219-51246-289737-17082-876-534798.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$482-112788-637686-37596-1928-1177044\482-112788-637686-37596-1928-1177044482-112788-637686-37596-1928-1177044.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$290-67860-383670-22620-1160-708180.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$311-72774-411453-24258-1244-759462\311-72774-411453-24258-1244-759462311-72774-411453-24258-1244-759462.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\SysWOW64\R$380-88920-502740-29640-1520-927960\380-88920-502740-29640-1520-927960.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Morpheus\My Shared Folder\489-114426-646947-38142-1956-1194138.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Shareaza\Downloads\491-114894-649593-38298-1964-1199022.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\61-14274-80703-4758-244-148962.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\KMD\My Shared Folder\271-63414-358533-21138-1084-661782.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Ares\My Shared Folder\377-88218-498771-29406-1508-920634.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\188-43992-248724-14664-752-459096.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Kazaa\My Shared Folder\195-45630-257985-15210-780-476190.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\overnet\incoming\251-58734-332073-19578-1004-612942.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Warez P2P Client\My Shared Folder\276-64584-365148-21528-1104-673992.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\program files\rapigator\share\322-75348-426006-25116-1288-786324.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\ICQ\shared files\23-5382-30429-1794-92-56166.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\62-14508-82026-4836-248-151404.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\program files\rapigator\share\182-42588-240786-14196-728-444444.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\iMesh\iMesh5\Data\Playlists\120-28080-158760-9360-480-293040.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\200-46800-264600-15600-800-488400.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Edonkey2000\incoming\254-59436-336042-19812-1016-620268.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Ares\My Shared Folder\505-118170-668115-39390-2020-1233210.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\KMD\My Shared Folder\47-10998-62181-3666-188-114774.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\XoloX\Downloads\68-15912-89964-5304-272-166056.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\ICQ\shared files\85-19890-112455-6630-340-207570.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\iMesh\iMesh5\Data\Playlists\183-42822-242109-14274-732-446886.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\winmx\shared\196-45864-259308-15288-784-478632.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Morpheus\My Shared Folder\90-21060-119070-7020-360-219780.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Files\Kazaa Lite\My Shared Folder\122-28548-161406-9516-488-297924.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\iMesh\iMesh5\Data\Playlists\127-29718-168021-9906-508-310134.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\363-84942-480249-28314-1452-886446.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Files\Kazaa Lite\My Shared Folder\379-88686-501417-29562-1516-925518.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Blubster\My Shared Folder\526-123084-695898-41028-2104-1284492.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Internet Explorer\78-18252-103194-6084-312-190476.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Kazaa\My Shared Folder\220-51480-291060-17160-880-537240.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Shareaza\Downloads\349-81666-461727-27222-1396-852258.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\378-88452-500094-29484-1512-923076.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\472-110448-624456-36816-1888-1152624.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Internet Explorer\47-10998-62181-3666-188-114774.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\ICQ\shared files\71-16614-93933-5538-284-173382.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\118-27612-156114-9204-472-288156.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\Program Files\Internet Explorer\344-80496-455112-26832-1376-840048.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\iMesh\iMesh5\Data\Playlists\351-82134-464373-27378-1404-857142.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\gnucleus\downloads\75-17550-99225-5850-300-183150.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Internet Explorer\257-60138-340011-20046-1028-627594.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Morpheus\My Shared Folder\335-78390-443205-26130-1340-818070.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\overnet\incoming\92-21528-121716-7176-368-224664.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\109-25506-144207-8502-436-266178.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\iMesh\iMesh5\Data\Playlists\177-41418-234171-13806-708-432234.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Files\Kazaa Lite\My Shared Folder\234-54756-309582-18252-936-571428.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\294-68796-388962-22932-1176-717948.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Internet Explorer\27-6318-35721-2106-108-65934.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Edonkey2000\incoming\33-7722-43659-2574-132-80586.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\75-17550-99225-5850-300-183150.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Warez P2P Client\My Shared Folder\413-96642-546399-32214-1652-1008546.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\432-101088-571536-33696-1728-1054944.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Blubster\My Shared Folder\529-123786-699867-41262-2116-1291818.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Edonkey2000\incoming\347-81198-459081-27066-1388-847374.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\363-84942-480249-28314-1452-886446.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Tesla\Files\390-91260-515970-30420-1560-952380.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\gnucleus\downloads\510-119340-674730-39780-2040-1245420.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\531-124254-702513-41418-2124-1296702.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\overnet\incoming\126-29484-166698-9828-504-307692.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Grokster\My Shared Folder\157-36738-207711-12246-628-383394.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\KMD\My Shared Folder\427-99918-564921-33306-1708-1042734.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\Warez P2P Client\My Shared Folder\186-43524-246078-14508-744-454212.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\Program Files\Internet Explorer\247-57798-326781-19266-988-603174.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\limeWire\Shared\399-93366-527877-31122-1596-974358.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\Program Files\ICQ\shared files\414-96876-547722-32292-1656-1010988.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\WINDOWS\R$267-62478-353241-20826-1068-652014.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$13-3042-17199-1014-52-31746\13-3042-17199-1014-52-3174613-3042-17199-1014-52-31746.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$14-3276-18522-1092-56-34188\14-3276-18522-1092-56-3418814-3276-18522-1092-56-34188.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$55-12870-72765-4290-220-134310\55-12870-72765-4290-220-134310.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$227-53118-300321-17706-908-554334\227-53118-300321-17706-908-554334.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$374-87516-494802-29172-1496-913308\374-87516-494802-29172-1496-913308374-87516-494802-29172-1496-913308.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$422-98748-558306-32916-1688-1030524\422-98748-558306-32916-1688-1030524422-98748-558306-32916-1688-1030524.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$114-26676-150822-8892-456-278388\114-26676-150822-8892-456-278388.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$161-37674-213003-12558-644-393162.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$203-47502-268569-15834-812-495726\203-47502-268569-15834-812-495726203-47502-268569-15834-812-495726.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$248-58032-328104-19344-992-605616.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$144-33696-190512-11232-576-351648.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$273-63882-361179-21294-1092-666666.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$186-43524-246078-14508-744-454212\186-43524-246078-14508-744-454212.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$474-110916-627102-36972-1896-1157508\474-110916-627102-36972-1896-1157508474-110916-627102-36972-1896-1157508.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$477-111618-631071-37206-1908-1164834\477-111618-631071-37206-1908-1164834.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$508-118872-672084-39624-2032-1240536.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$51-11934-67473-3978-204-124542.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$82-19188-108486-6396-328-200244.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$140-32760-185220-10920-560-341880\140-32760-185220-10920-560-341880.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$516-120744-682668-40248-2064-1260072\516-120744-682668-40248-2064-1260072.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$265-62010-350595-20670-1060-647130.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$422-98748-558306-32916-1688-1030524\422-98748-558306-32916-1688-1030524.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$427-99918-564921-33306-1708-1042734.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$41-9594-54243-3198-164-100122.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$105-24570-138915-8190-420-256410\105-24570-138915-8190-420-256410105-24570-138915-8190-420-256410.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$212-49608-280476-16536-848-517704\212-49608-280476-16536-848-517704.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$263-61542-347949-20514-1052-642246\263-61542-347949-20514-1052-642246.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$447-104598-591381-34866-1788-1091574\447-104598-591381-34866-1788-1091574447-104598-591381-34866-1788-1091574.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$452-105768-597996-35256-1808-1103784\452-105768-597996-35256-1808-1103784.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$8-1872-10584-624-32-19536.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$19-4446-25137-1482-76-46398.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$206-48204-272538-16068-824-503052.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$345-80730-456435-26910-1380-842490.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$54-12636-71442-4212-216-131868\54-12636-71442-4212-216-131868.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$306-71604-404838-23868-1224-747252.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$341-79794-451143-26598-1364-832722\341-79794-451143-26598-1364-832722.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$481-112554-636363-37518-1924-1174602\481-112554-636363-37518-1924-1174602481-112554-636363-37518-1924-1174602.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$432-101088-571536-33696-1728-1054944\432-101088-571536-33696-1728-1054944432-101088-571536-33696-1728-1054944.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$480-112320-635040-37440-1920-1172160\480-112320-635040-37440-1920-1172160.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$496-116064-656208-38688-1984-1211232.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$14-3276-18522-1092-56-34188.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$26-6084-34398-2028-104-63492\26-6084-34398-2028-104-63492.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$41-9594-54243-3198-164-100122\41-9594-54243-3198-164-10012241-9594-54243-3198-164-100122.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$203-47502-268569-15834-812-495726.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$68-15912-89964-5304-272-166056\68-15912-89964-5304-272-166056.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$192-44928-254016-14976-768-468864\192-44928-254016-14976-768-468864192-44928-254016-14976-768-468864.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$363-84942-480249-28314-1452-886446.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$50-11700-66150-3900-200-122100\50-11700-66150-3900-200-12210050-11700-66150-3900-200-122100.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$237-55458-313551-18486-948-578754.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$267-62478-353241-20826-1068-652014\267-62478-353241-20826-1068-652014267-62478-353241-20826-1068-652014.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$420-98280-555660-32760-1680-1025640\420-98280-555660-32760-1680-1025640420-98280-555660-32760-1680-1025640.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$2-468-2646-156-8-4884\2-468-2646-156-8-4884.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$26-6084-34398-2028-104-63492.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$360-84240-476280-28080-1440-879120\360-84240-476280-28080-1440-879120.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$372-87048-492156-29016-1488-908424.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$434-101556-574182-33852-1736-1059828.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$137-32058-181251-10686-548-334554\137-32058-181251-10686-548-334554.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$210-49140-277830-16380-840-512820\210-49140-277830-16380-840-512820.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$329-76986-435267-25662-1316-803418.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$59-13806-78057-4602-236-144078\59-13806-78057-4602-236-14407859-13806-78057-4602-236-144078.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$66-15444-87318-5148-264-161172\66-15444-87318-5148-264-161172.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File created	C:\WINDOWS\R$105-24570-138915-8190-420-256410.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe
File opened for modification	C:\WINDOWS\R$111-25974-146853-8658-444-271062.exe	38d3831bfcdfdc36f9b383b79670a1cc.exe

Gathers network information 2 TTPs 64 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2932	ipconfig.exe
1772	Process not Found
2940	Process not Found
2940	ipconfig.exe
1576	ipconfig.exe
2896	ipconfig.exe
2924	ipconfig.exe
2680	ipconfig.exe
3044	ipconfig.exe
1464	ipconfig.exe
3040	ipconfig.exe
880	ipconfig.exe
1860	Process not Found
2180	ipconfig.exe
1680	ipconfig.exe
1500	ipconfig.exe
1524	ipconfig.exe
2800	ipconfig.exe
2944	ipconfig.exe
584	ipconfig.exe
1244	ipconfig.exe
2832	ipconfig.exe
368	ipconfig.exe
2896	Process not Found
1220	Process not Found
2812	ipconfig.exe
1516	ipconfig.exe
776	ipconfig.exe
1288	ipconfig.exe
1080	ipconfig.exe
2900	ipconfig.exe
2192	ipconfig.exe
1240	Process not Found
1496	ipconfig.exe
2344	ipconfig.exe
1608	ipconfig.exe
2668	Process not Found
2948	ipconfig.exe
1912	ipconfig.exe
1836	ipconfig.exe
1760	Process not Found
2836	ipconfig.exe
1116	ipconfig.exe
1040	ipconfig.exe
3044	ipconfig.exe
2568	ipconfig.exe
2568	ipconfig.exe
1276	Process not Found
2328	ipconfig.exe
1988	ipconfig.exe
2824	ipconfig.exe
2000	ipconfig.exe
2848	ipconfig.exe
3020	ipconfig.exe
2240	ipconfig.exe
1392	ipconfig.exe
2744	ipconfig.exe
2668	Process not Found
1284	Process not Found
1384	Process not Found
2296	ipconfig.exe
1732	ipconfig.exe
1124	ipconfig.exe
1640	ipconfig.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.ini	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.java	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.jpg	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.mpeg	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.html	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.mp3	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmv	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.txt	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.mpg	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.bmp	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.avi	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.gif	38d3831bfcdfdc36f9b383b79670a1cc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	38d3831bfcdfdc36f9b383b79670a1cc.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
2584	REG.exe
368	REG.exe
2092	REG.exe
2340	REG.exe
2304	REG.exe
2668	REG.exe
480	REG.exe
1732	REG.exe
648	REG.exe
2416	REG.exe
2360	Process not Found
2820	Process not Found
2568	REG.exe
2944	REG.exe
292	REG.exe
2904	Process not Found
2984	REG.exe
2300	REG.exe
2512	REG.exe
2732	Process not Found
2428	REG.exe
2752	REG.exe
2024	REG.exe
396	REG.exe
1856	REG.exe
2800	REG.exe
2636	Process not Found
2216	REG.exe
2404	REG.exe
1472	REG.exe
1600	REG.exe
2376	REG.exe
1316	REG.exe
2920	REG.exe
2888	REG.exe
3000	REG.exe
2540	Process not Found
1948	Process not Found
2388	REG.exe
1348	REG.exe
2728	REG.exe
1784	REG.exe
1620	REG.exe
2896	REG.exe
2936	REG.exe
1968	REG.exe
2480	REG.exe
2332	REG.exe
2244	REG.exe
3012	REG.exe
2108	REG.exe
808	Process not Found
2400	REG.exe
2416	REG.exe
1032	REG.exe
2516	REG.exe
572	REG.exe
1808	REG.exe
2416	Process not Found
2576	REG.exe
1836	REG.exe
2324	REG.exe
1784	REG.exe
1904	REG.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3064	38d3831bfcdfdc36f9b383b79670a1cc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2748	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	28
PID 3064 wrote to memory of 2748	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	28
PID 3064 wrote to memory of 2748	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	28
PID 3064 wrote to memory of 2748	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	28
PID 3064 wrote to memory of 2056	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	29
PID 3064 wrote to memory of 2056	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	29
PID 3064 wrote to memory of 2056	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	29
PID 3064 wrote to memory of 2056	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	29
PID 3064 wrote to memory of 2764	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	32
PID 3064 wrote to memory of 2764	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	32
PID 3064 wrote to memory of 2764	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	32
PID 3064 wrote to memory of 2764	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	32
PID 3064 wrote to memory of 2720	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	33
PID 3064 wrote to memory of 2720	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	33
PID 3064 wrote to memory of 2720	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	33
PID 3064 wrote to memory of 2720	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	33
PID 3064 wrote to memory of 2812	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	36
PID 3064 wrote to memory of 2812	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	36
PID 3064 wrote to memory of 2812	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	36
PID 3064 wrote to memory of 2812	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	36
PID 3064 wrote to memory of 2584	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	37
PID 3064 wrote to memory of 2584	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	37
PID 3064 wrote to memory of 2584	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	37
PID 3064 wrote to memory of 2584	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	37
PID 3064 wrote to memory of 2640	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	40
PID 3064 wrote to memory of 2640	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	40
PID 3064 wrote to memory of 2640	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	40
PID 3064 wrote to memory of 2640	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	40
PID 3064 wrote to memory of 2016	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	41
PID 3064 wrote to memory of 2016	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	41
PID 3064 wrote to memory of 2016	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	41
PID 3064 wrote to memory of 2016	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	41
PID 3064 wrote to memory of 616	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	44
PID 3064 wrote to memory of 616	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	44
PID 3064 wrote to memory of 616	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	44
PID 3064 wrote to memory of 616	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	44
PID 3064 wrote to memory of 1944	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	45
PID 3064 wrote to memory of 1944	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	45
PID 3064 wrote to memory of 1944	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	45
PID 3064 wrote to memory of 1944	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	45
PID 3064 wrote to memory of 2796	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	48
PID 3064 wrote to memory of 2796	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	48
PID 3064 wrote to memory of 2796	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	48
PID 3064 wrote to memory of 2796	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	48
PID 3064 wrote to memory of 2836	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	49
PID 3064 wrote to memory of 2836	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	49
PID 3064 wrote to memory of 2836	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	49
PID 3064 wrote to memory of 2836	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	49
PID 3064 wrote to memory of 2896	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	52
PID 3064 wrote to memory of 2896	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	52
PID 3064 wrote to memory of 2896	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	52
PID 3064 wrote to memory of 2896	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	52
PID 3064 wrote to memory of 1780	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	53
PID 3064 wrote to memory of 1780	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	53
PID 3064 wrote to memory of 1780	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	53
PID 3064 wrote to memory of 1780	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	53
PID 3064 wrote to memory of 1984	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	56
PID 3064 wrote to memory of 1984	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	56
PID 3064 wrote to memory of 1984	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	56
PID 3064 wrote to memory of 1984	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	56
PID 3064 wrote to memory of 2492	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	57
PID 3064 wrote to memory of 2492	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	57
PID 3064 wrote to memory of 2492	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	57
PID 3064 wrote to memory of 2492	3064	38d3831bfcdfdc36f9b383b79670a1cc.exe	57

C:\Users\Admin\AppData\Local\Temp\38d3831bfcdfdc36f9b383b79670a1cc.exe
"C:\Users\Admin\AppData\Local\Temp\38d3831bfcdfdc36f9b383b79670a1cc.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2748
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2056
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2764
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2720
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2812
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2640
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2016
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:616
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2796
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1780
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1984
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2492
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1980
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1644
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1728
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2936
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:884
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:368
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1348
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1336
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1720
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2296
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2412
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1940
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2092
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2948
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2696
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2940
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2712
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2700
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2704
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:464
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1080
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2564
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1952
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1524
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1488
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2180
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2012
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1916
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1836
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2980
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1808
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2272
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2216
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1548
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:596
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2396
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2388
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2460
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2644
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2288
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2784
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2380
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2696
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:656
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1232
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2236
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2324
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2328
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2356
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1640
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2652
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:968
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1636
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1848
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2276
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2244
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1316
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2456
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:240
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1720
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2976
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2460
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2560
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2784
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2700
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3032
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2684
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:3020
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1620
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2752
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1972
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2556
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2304
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1284
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2428
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2400
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:436
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:368
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1532
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1760
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1496
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:872
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2388
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2760
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2568
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2948
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2852
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2544
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2604
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2900
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2888
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2680
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1988
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2192
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1124
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2784
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3048
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2984
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2332
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2744
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2968
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2428
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1904
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2400
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:892
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:860
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2868
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:672
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1496
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1536
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2468
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2668
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2716
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1272
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2740
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:320
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2824
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2932
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1508
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2724
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2928
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1792
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1952
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2340
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2556
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2984
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1284
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2272
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1516
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2464
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:368
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2104
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1772
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2384
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2560
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2588
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:320
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1956
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1124
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2740
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1988
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2544
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1972
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1080
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2300
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2936
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2216
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2264
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:560
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2400
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3004
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2456
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2272
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2428
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2404
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1348
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:368
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1592
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:676
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2516
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2512
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2876
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2884
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:624
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2824
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:648
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2356
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2784
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1708
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2344
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2844
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:296
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1904
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2216
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1276
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:660
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2616
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:892
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2340
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2232
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2940
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2768
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2920
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2564
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2360
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2560
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2536
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1992
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1500
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2152
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2304
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2176
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2292
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2064
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2772
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1980
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2752
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3052
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2344
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2296
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:596
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2616
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2984
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1760
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:296
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2456
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2748
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2496
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2324
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2696
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2672
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1564
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3048
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:368
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:480
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1576
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3000
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2676
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1288
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1732
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2452
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2540
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2704
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2736
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1148
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1536
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:3012
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1424
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2264
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2364
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1032
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1720
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2292
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1976
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1684
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3020
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1496
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2108
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2304
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2084
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2824
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2920
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1816
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2400
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2516
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2740
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2116
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1784
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1600
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1612
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:648
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:840
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1472
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2368
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2360
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:892
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1772
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1592
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2044
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1960
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1328
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1108
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3020
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1720
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2452
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1220
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1948
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2844
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2816
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2120
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2528
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2328
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2456
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2548
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2872
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2480
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2364
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2700
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:396
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1680
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2864
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2376
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1792
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2344
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2064
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2920
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1256
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2968
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2384
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1048
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1720
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1220
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:292
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2192
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2536
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2396
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3044
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1848
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1232
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:680
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2724
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2712
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1860
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1348
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2620
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1668
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1792
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:436
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2472
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1564
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2460
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1960
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2716
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1480
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1708
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2668
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2416
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2372
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1524
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1980
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2740
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2572
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2360
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2292
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1600
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2004
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1668
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1596
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1040
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2596
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1108
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:680
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:776
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2928
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1116
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2528
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2816
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1500
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1804
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2940
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2548
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2872
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2316
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:368
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3048
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2948
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2348
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1940
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1564
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1288
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1336
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2620
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2088
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2908
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1976
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2320
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1820
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1304
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1636
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:860
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1568
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1328
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1792
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:328
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2628
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2880
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:368
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2948
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2404
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2180
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2636
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2332
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2568
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2448
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:732
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1472
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2668
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:848
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2856
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2852
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1692
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1472
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2232
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1932
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2808
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2836
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1912
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2760
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2292
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:676
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2064
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1592
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2388
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1468
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3008
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1816
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2488
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2404
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2284
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2888
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1596
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1900
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2672
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1952
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1336
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1804
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:884
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2820
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2588
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1124
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2872
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2536
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2808
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2880
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2580
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2912
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2740
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1904
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1148
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1288
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2480
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1996
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:320
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1668
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1580
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2300
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2848
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:268
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2624
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2872
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2428
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2736
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:884
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2672
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1952
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2416
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2924
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2088
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2460
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3008
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2472
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1596
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1348
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1256
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2888
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1468
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:280
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3000
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2864
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1588
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2752
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2416
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2176
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1976
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1708
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1116
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1464
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2648
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2612
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2512
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:848
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2596
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2468
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1476
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2860
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2904
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:320
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2096
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1760
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1948
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2768
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1900
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1904
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1500
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2812
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2580
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2536
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1316
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2120
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1116
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2992
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2964
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1988
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2656
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2564
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2160
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:480
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2928
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2516
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2824
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2220
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1472
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2328
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1764
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1720
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1220
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2052
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:892
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2760
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1460
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2664
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3016
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:732
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2092
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1848
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:296
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2688
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2804
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2780
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1684
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2412
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2180
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2320
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2516
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:396
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2168
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1992
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2712
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1464
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2856
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2232
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2452
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2648
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3016
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2468
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2656
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:552
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2404
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1816
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:996
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2868
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1508
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:744
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:808
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1796
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:928
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2776
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2736
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:836
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2168
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:616
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1976
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1720
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1548
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2340
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1464
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1532
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1108
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1116
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1956
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2452
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2312
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2980
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3044
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1716
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2356
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2228
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2928
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1996
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2572
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1732
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2180
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2084
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2072
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2464
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:932
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1392
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2492
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2816
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2736
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2548
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2728
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2672
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:912
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1544
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2000
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2136
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2864
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2536
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2880
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2800
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2108
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1640
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2608
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1960
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2272
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2792
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:296
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2932
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2896
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2332
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1784
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2320
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2516
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1300
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:852
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1952
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2256
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1736
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:884
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1780
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2296
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1348
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2056
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2024
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2840
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1912
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:576
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:840
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2844
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2312
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1564
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:772
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2364
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:732
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3036
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2004
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2956
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1804
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2780
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1936
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2932
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2464
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1652
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1856
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2028
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2320
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:572
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1300
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1392
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1980
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2728
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1672
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2884
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2588
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2652
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2176
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2316
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1260
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2416
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1600
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2876
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2888
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1592
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:772
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:436
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3028
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:968
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2704
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2072
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2236
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1936
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2256
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2900
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:996
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:916
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2620
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1836
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2292
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2024
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1276
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2908
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2912
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3016
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1800
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2416
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2604
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1644
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2608
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:3012
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2744
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:280
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1968
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2228
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:436
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1816
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1524
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2796
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1932
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2276
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2776
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2820
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1240
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1712
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2264
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1220
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1944
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2660
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2132
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2428
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1000
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2808
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2728
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2176
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1584
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2556
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2508
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1716
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1496
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1988
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:268
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2688
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2384
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2568
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1808
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2716
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2344
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:880
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2228
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:844
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1508
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:988
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1608
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2984
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3044
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:916
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2192
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2680
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1992
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2376
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1836
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2328
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1516
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1944
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:292
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2324
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2848
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1284
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2304
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1500
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2212
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1496
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:480
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2396
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2272
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:840
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1960
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2412
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1760
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:280
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2636
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1816
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:880
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:844
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1948
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1856
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1652
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2872
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2776
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2548
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:2832
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:2576
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1300
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:3000
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2904
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2108
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2700
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2056
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2044
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:872
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2564
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:1464
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1732
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2584
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1496
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:368
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2272
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:3068
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2704
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1476
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1804
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2732
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2244
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1488
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:396
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:988
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2984
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2504
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1536
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:3040
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2768
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1856
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2520
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1232
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2772
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  - Modifies registry key
  PID:1784
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1928
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:660
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1276
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2812
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1800
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1580
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2616
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:328
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2232
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2172
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2612
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:1988
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:2592
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2092
- C:\Windows\SysWOW64\REG.exe
  REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
  2⤵
  PID:1776
- C:\Windows\SysWOW64\ipconfig.exe
  ipconfig /release
  2⤵
  PID:2868

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2341026861032965317-10805512891234638124-884464587-1121095118-1301751144849963861"
1⤵
PID:1644

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1867632211677636998530311625424141957-1125769025-553483765-1813291969-670332711"
1⤵
PID:2012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14195826952096509049-925877993-826373492-931540245-477663080412729785264299316"
1⤵
PID:1584

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1224362361292956251-5854118816619358361261545645757355221339539023-1345100868"
1⤵
PID:1848

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17108572651187136670-78145664-111380660-1400761616-187449786813843805931474045358"
1⤵
PID:2276

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "203103182-13394384191522175820782406480985417021103530232317112629541053951003"
1⤵
PID:2696

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "198657062-2097814664-668247177-30917426-170002529216317285501946195632-99932892"
1⤵
PID:1640

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "42131644-862089862-1973171028-1911170182-1936162318-194799802782519137-1271466732"
1⤵
PID:2836

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19794899761486764226-1145488148-3564538721331201492-2016603290-1779578552-1547368545"
1⤵
PID:2324

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-133337932104987419-419649292-73959543632419805-167391230518061155461801153798"
1⤵
PID:436

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12527260667630485331709925238-1334566362-926904208610307910127792952672493581"
1⤵
PID:1532

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19768991101530223228-8198417661046077750-4080133212012938699-869567077-1622142386"
1⤵
PID:2380

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "572496381-13071440971903412322-1814578723-209460446-173945034610880081961978759220"
1⤵
PID:1232

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "295592074105846847-15053779841731778472575444009-911212719-1750996576-1628187237"
1⤵
PID:2784

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2071030054-16016911501900289740883244661816635427-525097746-324013385-731215180"
1⤵
PID:2428

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "254892486-16257849681000653130-304717360-88416296317575902461319132787987644375"
1⤵
PID:2948

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9492230921244491831821402420568543191-295304477-232468223308254377-346187758"
1⤵
PID:2216

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "531858319-87403901-862700277-7628027671782810657-10670920571638533568-735449441"
1⤵
PID:2876

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "150407466-1537241586-342849251112313584-6732252581097668797-1253012535-1408061875"
1⤵
PID:2152

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "872978281127977665-1071170788182910266416259741741948881739-1116723558-820011729"
1⤵
PID:2064

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1965798507-842724485-69383433221180168416344554601968376285-11479314291119417738"
1⤵
PID:1584

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2088363522-896916587-1681916808-1954997195-1701749001-443397813-19330391351835540594"
1⤵
PID:2176

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1072089709-1582200172-1751484124783082290-859348095-980647311-1769534690-1251320675"
1⤵
PID:3040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13529048213491909351017102537-145199186433540364588757385516635999881338396081"
1⤵
PID:2344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1104941328-1438596802247089062-1383048495-210346687-1847284324616709644991842088"
1⤵
PID:2884

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1420506399-775764285-20060203874680244119939815661290346692-5373729881874641466"
1⤵
PID:368

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1645299824375078241161695814-219876412-127705508530855029-7260886331486081747"
1⤵
PID:2364

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2146640509766828949-681572481-9386456291552872269610422692699789692-1177817943"
1⤵
PID:292

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-337836487743499171856316483734004663-7426552924500471477619962391609733739"
1⤵
PID:1220

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1537558145573384341428093263-23674566816698809662126851221-1881808529120114247"
1⤵
PID:1960

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1974219845-1401842597-218274456668142367-3417776287668185951025950412-1175199371"
1⤵
PID:3020

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "545996215438201341-703079476557966992-272523060-990016676-1486069111-42870362"
1⤵
PID:2344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1900852250-1288796019560517392359574413-20791877971166854831042496996988760183"
1⤵
PID:812

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1652145152-308064483-740323415-473019359973367415-610050651849110182-655625764"
1⤵
PID:3048

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "86009667120799676381449814767533702735378963341-561156266606885873-1676652405"
1⤵
PID:680

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-201326483-14716721741691659257615231263-32702422512647949581084191388882327440"
1⤵
PID:1680

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1842086655394600070-12617499081135254111-519997918-12471901861317260177-271695741"
1⤵
PID:2328

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-749613943-1116125086161976505512799462121837018896-649802790936503936416776133"
1⤵
PID:2332

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-180659344419468507211154816031170477454-837072003129340142319720171351323271534"
1⤵
PID:1304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1963814020-1159541593764890728-1170673336-84151578905773619-16864076091015262873"
1⤵
PID:2396

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "313523350-20123815061723482389-12219740518008765181349531204-756896310398739809"
1⤵
PID:860

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1639502767-1769081627-2406864231652737310-555639553539548407699954447-1937608667"
1⤵
PID:2944

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-897058669-21014545521702877359455739827-971490413914362376-1963851739-1186809173"
1⤵
PID:1524

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2664264561289900341-16603976-405436322630708379-20139190821204447800-345874264"
1⤵
PID:1720

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "750697375-201798503220446499535447518731245313893-2144581209-914514255808120799"
1⤵
PID:2856

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1605266235116029205119390647351388498513-641044913-1297547063938846344252319168"
1⤵
PID:2376

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12386454011363831125-2138781600209528546386650185-6345329592065855793552570292"
1⤵
PID:2548

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10843212661392418796-916703089-43245434528054298-664422512-762076590549355510"
1⤵
PID:1940

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18464249561413319074-11675692201260379836-832665177-25161149419795618181760385924"
1⤵
PID:2448

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15450381121456017797-167363650-405894562-2089288071-3042429822146476112-857057089"
1⤵
PID:2712

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2764351711528159262290471368-958211668-650745727-19292697952075533684-1113533871"
1⤵
PID:1944

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1552736889-19681037621196055025-191106815613447192762057915754-6789971561258885515"
1⤵
PID:896

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "639271868786376802-1726054597-46496624-15799412892046449871-1336808903-858162899"
1⤵
PID:1568

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "122962479319801969071099992945-1322218379-630220327-2103220377-898197496-1615539532"
1⤵
PID:1668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-145703896610554062252053950519-14115542412368129051419285998111552469224312974"
1⤵
PID:1288

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17144970171513172917-12822377791933169648-912342065-1001325089873692761-113001825"
1⤵
PID:1328

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1328702718-1694968855-1888729041735357620-187656023613250502211595246403-1012482471"
1⤵
PID:2636

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-714349610-17119389721569854814522611958-148678735119760099601713254850-892232257"
1⤵
PID:2700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2086708886185768076950101661-1705618349-1961046109-8733824931394152249-1639968042"
1⤵
PID:2528

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-51372726-1857088049-130854193820951944821599576428-92165841321345342872066734659"
1⤵
PID:2912

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1394728232-640389655-1093323502-1859681694-1235105979-15930377741579322541682442857"
1⤵
PID:2404

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1967698268-9986891211811608073-3577437281381590865244915032-3209358091711900281"
1⤵
PID:2176

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "175403056046407959914789275691694913806-5460493552112651612140374169-2064133906"
1⤵
PID:3040

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2125253549-679144425537754005-1619233132-788286504-8642371672118035115-1439610960"
1⤵
PID:1564

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1910155768365200950-739381970152541521245580794-1410929934929418093135204097"
1⤵
PID:2596

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1169472625417145326-312974550-614634187-165397498918188398172099077644-2041514242"
1⤵
PID:2920

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1604524007-5117158231519284863-1987561521-979949814118495130820335232191458910343"
1⤵
PID:1636

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1386453425-6260782181976379339-5351726971110999611-2973284132520588391187234757"
1⤵
PID:2192

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-942534998-337814045638786488205046608-957531401-1658151136-513198237398837154"
1⤵
PID:2612

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-207247399114830057441853749363-1171616350-1834615762-1924525501725499275-629779946"
1⤵
PID:2512

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7112362461285910792-1118441152-1835968566-364363033-19176066032029920671414921500"
1⤵
PID:1148

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9264706521863823320-1287830441-813478737340280846127945033-864577243-71799221"
1⤵
PID:2908

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1287028665-330010079-1452497529486813012887302166966186291216785373-207336423"
1⤵
PID:2672

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1316704935-17309171161058276863-1287966145-843548798-9570706351999955449848704755"
1⤵
PID:2668

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-748504908-15512571292100069928684951091-890766271-1035352653-875593005-1148706000"
1⤵
PID:676

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "453175407-109453639-12774735311343362171124218543-2051832133-1945270581810434040"
1⤵
PID:2568

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5571893892993663072134721482-6814784-1137859252-1491152369-66366086-1257062790"
1⤵
PID:2360

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1679384130679002957179545983-1158587736279619832-9233985981581426274-1599775968"
1⤵
PID:2740

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1791114470-11317498141266260591750122865-1902727081496939690-1377939810660047510"
1⤵
PID:2572

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1264216575-729283928320274171-123494741-15580826351660349966-1077015295-306121875"
1⤵
PID:2480

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-828408341918309213-1006521951106708835-1817825229-2001521965-1395136015689055971"
1⤵
PID:240

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1491212221561670272-1581576369836169180-981725712-20812226011993376489-456901810"
1⤵
PID:1804

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1199796502143152059220784384411886513054-1267503018-1812293899-707621274-1977521437"
1⤵
PID:2572

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1648657218-420076715-417424120-901464315-1818294631183472605512055667071075903861"
1⤵
PID:812

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9508786301805718833-1687013229-1419189788-1550412057-7821618581959996081085652529"
1⤵
PID:2256

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-784365470194747558098867497-118562632-2068166903-1414691583-1796760331-1667658231"
1⤵
PID:1968

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2073427727-3792555631877626391531152913-14801308181824426877-2022110378-975530740"
1⤵
PID:2344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2303615821269647234719531448-839799547213292340718537794792126700723-989057983"
1⤵
PID:2820

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1222415349-5067906701874518162287719252576414875-1132410113-94044029417181141"
1⤵
PID:996

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4262498-888697130-1131210035129380950-1097737262-1426386604397897514-1730798197"
1⤵
PID:2900

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1393793041690065860-86553028783489288634503432-543392870-1434315478-105992563"
1⤵
PID:2620

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "919203407-181804521173096748-3093994171102136809-203011958310861028-2043461704"
1⤵
PID:2908

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "502639389220798004-1908928225135298215318468207541634317576-11150215321979230656"
1⤵
PID:1516

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16421493181352663675421307576-1787604792-1085688499-409151230-1078852042-1607515046"
1⤵
PID:2508

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2097065149-1647768388-754178122-15833025377431428422023777162-1219320716-2017194768"
1⤵
PID:1716

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8097336771827826323-5841400972098140702184807619-797114083738061974-35703770"
1⤵
PID:2396

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "107876476514562774431069513237-2023309663-388460841-1778458483-17784962711411508933"
1⤵
PID:2904

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1493929465-44044267146580173113415951811556795511008768709-616992032111761968"
1⤵
PID:2304

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-900250619-4407230081206290223-15360705844669860171286151139-1761434471-667937546"
1⤵
PID:2744

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4342423971852776719-1989097501408504226-5093115332016660793-5988176881969123516"
1⤵
PID:3012

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1107619588-99787307348252707-382776029540363968-1104054430-5269606871593192733"
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\R$1-234-1323-78-4-2442.exe

Filesize
28KB

MD5
38d3831bfcdfdc36f9b383b79670a1cc

SHA1
a13e307d8f522ec12581dd3595369f1719d989db

SHA256
fe38970e0a1ec8a3445ba5896c4918ea854fa8f2ebd4a9532e8dfd403b8b8baa

SHA512
37f0bf22daab3d114d67bfb5677864807e625b3603341636e345719107ec59321b3bc48d0d04e568423b1f4b630bbaede2cd56ce7bba123d23aa483bfabb8865

Download Submit
memory/3064-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3064-937-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3064-3381-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download