Analysis Overview
SHA256
4851611ebb2a33698be0ed454cbaf495d86925ef472c6cdc5b799e259c573b3c
Threat Level: Known bad
The file 1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modiloader family
ModiLoader Second Stage
ModiLoader, DBatLoader
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-07 07:45
Signatures
ModiLoader Second Stage
Modiloader family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-07 07:45
Reported
2024-05-07 07:47
Platform
win7-20240221-en
Max time kernel
68s
Max time network
122s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\vssms32 = "C:\\Windows\\system32\\vssms32.exe" | C:\Windows\SysWOW64\vssms32.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\vssms32.exe | C:\Windows\SysWOW64\vssms32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vssms32.exe | C:\Windows\SysWOW64\vssms32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vssms32.exe | C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:135 | | tcp |
| N/A | 127.0.0.1:49155 | | tcp |
Files
memory/2104-0-0x00000000002E0000-0x00000000002E1000-memory.dmp
\Windows\SysWOW64\vssms32.exe
| MD5 | 1fedfc97d52dc13ed6cebde7519bf7a8 |
| SHA1 | a5586c63c2e4eb65ce4c3f1a3070e7e01fbba470 |
| SHA256 | 4851611ebb2a33698be0ed454cbaf495d86925ef472c6cdc5b799e259c573b3c |
| SHA512 | aa67f72731ff7045ae899d4ba2cf861149c8524c92e38de2eee0bb707745a87bff6a0c7210abdf3a3ebfb49e3d34edec4588f3ba167368c8a8b64a311aaa829e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-07 07:45
Reported
2024-05-07 07:47
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
ModiLoader, DBatLoader
ModiLoader Second Stage
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\vssms32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe | N/A |
Executes dropped EXE
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vssms32 = "C:\\Windows\\system32\\vssms32.exe" | C:\Windows\SysWOW64\vssms32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vssms32 = "C:\\Windows\\system32\\vssms32.exe" | C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\vssms32.exe | C:\Windows\SysWOW64\vssms32.exe | N/A |
| File created | C:\Windows\SysWOW64\vssms32.exe | C:\Windows\SysWOW64\vssms32.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vssms32.exe | C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\SysWOW64\vssms32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1fedfc97d52dc13ed6cebde7519bf7a8_JaffaCakes118.exe"
C:\Windows\SysWOW64\vssms32.exe
"C:\Windows\system32\vssms32.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:135 | | tcp |
| N/A | 127.0.0.1:49669 | | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 23.73.138.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |
Files
memory/2876-0-0x0000000000A90000-0x0000000000A91000-memory.dmp
C:\Windows\SysWOW64\vssms32.exe
| MD5 | 1fedfc97d52dc13ed6cebde7519bf7a8 |
| SHA1 | a5586c63c2e4eb65ce4c3f1a3070e7e01fbba470 |
| SHA256 | 4851611ebb2a33698be0ed454cbaf495d86925ef472c6cdc5b799e259c573b3c |
| SHA512 | aa67f72731ff7045ae899d4ba2cf861149c8524c92e38de2eee0bb707745a87bff6a0c7210abdf3a3ebfb49e3d34edec4588f3ba167368c8a8b64a311aaa829e |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |