Analysis

  • max time kernel
    97s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-06-2024 14:42

General

  • Target

    1660787357af48f603acaf97119525bd_JaffaCakes118.exe

  • Size

    744KB

  • MD5

    1660787357af48f603acaf97119525bd

  • SHA1

    2522a2ef048cdf55caf15f92c5192b39b0818dbb

  • SHA256

    a893ac99476053412b9babeb140857f437a335ea44fefd2b18752218666d4528

  • SHA512

    fdcf7f304049f84f123ebc48eede32fb7e42e24ef7e8f4c1ae5d6144ee694dfb523b7d566825fff5488cb717505727cb8efa99fdc4c89b73c9c1aa48d1b6d973

  • SSDEEP

    12288:i8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORix:XUKoN0bUxgGa/pfBHDb+y1HgZ

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Modifies WinLogon for persistence 2 TTPs 64 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 64 IoCs
  • Drops file in System32 directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1660787357af48f603acaf97119525bd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1660787357af48f603acaf97119525bd_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
      "C:\Windows\system32\MSDCSC\msdcsc.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
        "C:\Windows\system32\MSDCSC\msdcsc.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
          "C:\Windows\system32\MSDCSC\msdcsc.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2564
          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
            "C:\Windows\system32\MSDCSC\msdcsc.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of WriteProcessMemory
            PID:2512
            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
              "C:\Windows\system32\MSDCSC\msdcsc.exe"
              6⤵
              • Modifies WinLogon for persistence
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2876
              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Adds Run key to start application
                • Suspicious use of WriteProcessMemory
                PID:2424
                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of WriteProcessMemory
                  PID:2740
                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of WriteProcessMemory
                    PID:624
                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Suspicious use of WriteProcessMemory
                      PID:1056
                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        • Suspicious use of WriteProcessMemory
                        PID:1620
                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Adds Run key to start application
                          • Suspicious use of WriteProcessMemory
                          PID:1408
                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                            13⤵
                            • Modifies WinLogon for persistence
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Suspicious use of WriteProcessMemory
                            PID:2272
                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                              14⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Drops file in System32 directory
                              • Suspicious use of WriteProcessMemory
                              PID:2428
                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                15⤵
                                • Modifies WinLogon for persistence
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Adds Run key to start application
                                • Suspicious use of WriteProcessMemory
                                PID:2160
                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                  16⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious use of WriteProcessMemory
                                  PID:1052
                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                    17⤵
                                    • Modifies WinLogon for persistence
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    PID:604
                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                      18⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1896
                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                        19⤵
                                        • Modifies WinLogon for persistence
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        PID:2064
                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                          20⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Adds Run key to start application
                                          PID:1544
                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                            21⤵
                                            • Modifies WinLogon for persistence
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            PID:1320
                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                              22⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              PID:348
                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                23⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Adds Run key to start application
                                                • Drops file in System32 directory
                                                PID:3040
                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                  24⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Adds Run key to start application
                                                  PID:2020
                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                    25⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:2072
                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                      26⤵
                                                      • Modifies WinLogon for persistence
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      PID:1752
                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                        27⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Adds Run key to start application
                                                        PID:2832
                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                          28⤵
                                                          • Modifies WinLogon for persistence
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          PID:2884
                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                            29⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            PID:2932
                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                              30⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Adds Run key to start application
                                                              PID:2560
                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                31⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Adds Run key to start application
                                                                PID:2908
                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                  32⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  PID:2688
                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                    33⤵
                                                                    • Modifies WinLogon for persistence
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    PID:2564
                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                      34⤵
                                                                      • Executes dropped EXE
                                                                      • Drops file in System32 directory
                                                                      PID:2152
                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                        35⤵
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • Drops file in System32 directory
                                                                        PID:1536
                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                          36⤵
                                                                          • Executes dropped EXE
                                                                          • Adds Run key to start application
                                                                          • Drops file in System32 directory
                                                                          PID:2776
                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                            37⤵
                                                                            • Executes dropped EXE
                                                                            PID:1816
                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                              38⤵
                                                                              • Executes dropped EXE
                                                                              • Drops file in System32 directory
                                                                              PID:2488
                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                39⤵
                                                                                • Modifies WinLogon for persistence
                                                                                • Executes dropped EXE
                                                                                • Adds Run key to start application
                                                                                • Drops file in System32 directory
                                                                                PID:1512
                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                  40⤵
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  PID:624
                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                    41⤵
                                                                                    • Modifies WinLogon for persistence
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    PID:1868
                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                      42⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in System32 directory
                                                                                      PID:2232
                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                        43⤵
                                                                                        • Modifies WinLogon for persistence
                                                                                        • Executes dropped EXE
                                                                                        • Adds Run key to start application
                                                                                        PID:2136
                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                          44⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:2392
                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                            45⤵
                                                                                            • Executes dropped EXE
                                                                                            • Adds Run key to start application
                                                                                            PID:1296
                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                              46⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2632
                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                47⤵
                                                                                                • Modifies WinLogon for persistence
                                                                                                • Executes dropped EXE
                                                                                                • Drops file in System32 directory
                                                                                                PID:600
                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                  48⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Drops file in System32 directory
                                                                                                  PID:1092
                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                    49⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:660
                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                      50⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Drops file in System32 directory
                                                                                                      PID:2400
                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                        51⤵
                                                                                                        • Modifies WinLogon for persistence
                                                                                                        • Executes dropped EXE
                                                                                                        • Adds Run key to start application
                                                                                                        PID:1788
                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                          52⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Adds Run key to start application
                                                                                                          PID:288
                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                            53⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • Adds Run key to start application
                                                                                                            • Drops file in System32 directory
                                                                                                            PID:1796
                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                              54⤵
                                                                                                              • Modifies WinLogon for persistence
                                                                                                              • Executes dropped EXE
                                                                                                              • Drops file in System32 directory
                                                                                                              PID:3012
                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                55⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Drops file in System32 directory
                                                                                                                PID:904
                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                  56⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:1972
                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                    57⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Adds Run key to start application
                                                                                                                    • Drops file in System32 directory
                                                                                                                    PID:2020
                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                      58⤵
                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                      • Executes dropped EXE
                                                                                                                      PID:2072
                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                        59⤵
                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Drops file in System32 directory
                                                                                                                        PID:2304
                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                          60⤵
                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Adds Run key to start application
                                                                                                                          PID:1588
                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                            61⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            PID:2288
                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                              62⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Adds Run key to start application
                                                                                                                              PID:2168
                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                63⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                PID:2600
                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                  64⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Adds Run key to start application
                                                                                                                                  PID:2676
                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                    65⤵
                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Drops file in System32 directory
                                                                                                                                    PID:2460
                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                      66⤵
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      PID:2176
                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                        67⤵
                                                                                                                                          PID:1268
                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                            68⤵
                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                            PID:2752
                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                              69⤵
                                                                                                                                                PID:2552
                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                  70⤵
                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                  PID:2316
                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                    71⤵
                                                                                                                                                      PID:2348
                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                        72⤵
                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                        PID:2244
                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                          73⤵
                                                                                                                                                            PID:1884
                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                              74⤵
                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                              PID:1772
                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                75⤵
                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                PID:880
                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                  76⤵
                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                  PID:1952
                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                    77⤵
                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                    PID:2396
                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                      78⤵
                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                      PID:2144
                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                        79⤵
                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                        PID:324
                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                          80⤵
                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                          PID:2160
                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                            81⤵
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            PID:1832
                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                              82⤵
                                                                                                                                                                                PID:1092
                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                  83⤵
                                                                                                                                                                                    PID:588
                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                      84⤵
                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                      PID:2400
                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                        85⤵
                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                        PID:1760
                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                          86⤵
                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                          PID:1376
                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                            87⤵
                                                                                                                                                                                              PID:2852
                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                88⤵
                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                PID:1068
                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                  89⤵
                                                                                                                                                                                                    PID:2992
                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                      90⤵
                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                      PID:1700
                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                        91⤵
                                                                                                                                                                                                          PID:1568
                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                            92⤵
                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                            PID:2212
                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                              93⤵
                                                                                                                                                                                                                PID:2384
                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                  94⤵
                                                                                                                                                                                                                    PID:2252
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                      95⤵
                                                                                                                                                                                                                        PID:2764
                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                          96⤵
                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                          PID:2500
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                            97⤵
                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                            PID:2492
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                              98⤵
                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                              PID:1728
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                99⤵
                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                PID:2420
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                  100⤵
                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                  PID:1200
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                    101⤵
                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                    PID:2700
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                      102⤵
                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                      PID:2372
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                        103⤵
                                                                                                                                                                                                                                          PID:1808
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                            104⤵
                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                            PID:2256
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                              105⤵
                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                              PID:1828
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                106⤵
                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                PID:2228
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                  107⤵
                                                                                                                                                                                                                                                    PID:2132
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                      108⤵
                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                      PID:2768
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                        109⤵
                                                                                                                                                                                                                                                          PID:2204
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                            110⤵
                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                            PID:1284
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                              111⤵
                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                              PID:2628
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                112⤵
                                                                                                                                                                                                                                                                  PID:796
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                    113⤵
                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                    PID:1052
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                      114⤵
                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                      PID:2632
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                        115⤵
                                                                                                                                                                                                                                                                          PID:836
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                            116⤵
                                                                                                                                                                                                                                                                              PID:588
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                117⤵
                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                PID:1896
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                  118⤵
                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                  PID:1760
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                    119⤵
                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                    PID:1376
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                      120⤵
                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                      PID:920
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                        121⤵
                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                        PID:1068
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                          122⤵
                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                          PID:2992
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                            123⤵
                                                                                                                                                                                                                                                                                              PID:1700
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                124⤵
                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                PID:1568
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                  125⤵
                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                  PID:2212
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                    126⤵
                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                    PID:2384
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                      127⤵
                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                      PID:2252
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                        128⤵
                                                                                                                                                                                                                                                                                                          PID:1748
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                            129⤵
                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                            PID:2500
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                              130⤵
                                                                                                                                                                                                                                                                                                                PID:2524
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                  131⤵
                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                  PID:1728
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                    132⤵
                                                                                                                                                                                                                                                                                                                      PID:2752
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                        133⤵
                                                                                                                                                                                                                                                                                                                          PID:1200
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                            134⤵
                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                            PID:2700
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                              135⤵
                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                              PID:1900
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                136⤵
                                                                                                                                                                                                                                                                                                                                  PID:2012
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                    137⤵
                                                                                                                                                                                                                                                                                                                                      PID:1868
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                        138⤵
                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                        PID:1468
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                          139⤵
                                                                                                                                                                                                                                                                                                                                            PID:2100
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                              140⤵
                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                              PID:1952
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                141⤵
                                                                                                                                                                                                                                                                                                                                                  PID:2396
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                    142⤵
                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                    PID:2096
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                      143⤵
                                                                                                                                                                                                                                                                                                                                                        PID:488
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                          144⤵
                                                                                                                                                                                                                                                                                                                                                            PID:1628
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                              145⤵
                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                              PID:2052
                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                146⤵
                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                PID:552
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                  147⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:660
                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                      148⤵
                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                      PID:1352
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                        149⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:2344
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                            150⤵
                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                            PID:312
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                              151⤵
                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                              PID:1376
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                152⤵
                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                PID:904
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                  153⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:2032
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                      154⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                      PID:2916
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                        155⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:2332
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                            156⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                            PID:2304
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                              157⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:2456
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                  158⤵
                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                  PID:2600
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                    159⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                    PID:2468
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                      160⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                      PID:2452
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        161⤵
                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2512
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          162⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                          PID:2880
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                            163⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                164⤵
                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2540
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  165⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2260
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                    166⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1768
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                        167⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1512
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                            168⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2224
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              169⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1780
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                  170⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2140
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                    171⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2320
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      172⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1952
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                          173⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2120
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                            174⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2096
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                175⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:324
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  176⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1628
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    177⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3056
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      178⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1460
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                        179⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2800
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                            180⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1788
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                              181⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2472
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                182⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  183⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      184⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          185⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            186⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              187⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1720
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                188⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  189⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    190⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      191⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          192⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            193⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                194⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  195⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2152
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      196⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        197⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1728
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          198⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            199⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              200⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  201⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    202⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      203⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          204⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              205⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  206⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      207⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          208⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              209⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1624
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  210⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      211⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1360
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          212⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:452
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              213⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  214⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      215⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1788
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          216⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              217⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:968
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  218⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      219⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          220⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:920
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              221⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2292
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  222⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:888
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      223⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          224⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2636
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              225⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  226⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      227⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          228⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              229⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  230⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      231⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          232⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              233⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  234⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1900
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      235⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          236⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              237⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1332
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  238⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      239⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          240⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              241⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  242⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      243⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1624
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          244⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              245⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  246⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      247⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          248⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2640
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              249⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  250⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      251⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          252⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              253⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  254⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      255⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2916
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          256⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              257⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  258⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      259⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          260⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              261⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  262⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      263⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          264⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              265⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  266⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      267⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          268⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2360
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              269⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1572
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  270⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2820
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      271⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:892
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          272⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              273⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  274⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      275⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2144
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          276⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              277⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:684
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  278⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1624
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      279⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          280⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              281⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  282⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      283⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          284⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:320
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              285⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  286⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:304
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      287⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          288⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1696
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              289⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  290⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2916
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      291⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2212
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          292⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              293⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2908
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  294⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      295⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          296⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              297⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  298⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2752
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      299⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          300⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2372
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\MSDCSC\msdcsc.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              301⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2316

                                                                                                                                                                                                                                                                                                      Network

                                                                                                                                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                      Downloads

                                                                                                                                                                                                                                                                                                      • \??\PIPE\srvsvc

                                                                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                                                                                      • \Windows\SysWOW64\MSDCSC\msdcsc.exe

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        744KB

                                                                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                                                                        1660787357af48f603acaf97119525bd

                                                                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                                                                        2522a2ef048cdf55caf15f92c5192b39b0818dbb

                                                                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                                                                        a893ac99476053412b9babeb140857f437a335ea44fefd2b18752218666d4528

                                                                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                                                                        fdcf7f304049f84f123ebc48eede32fb7e42e24ef7e8f4c1ae5d6144ee694dfb523b7d566825fff5488cb717505727cb8efa99fdc4c89b73c9c1aa48d1b6d973

                                                                                                                                                                                                                                                                                                      • memory/288-115-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/348-81-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/600-110-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/604-76-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/624-103-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/624-45-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/660-112-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/904-118-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1052-73-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1056-49-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1092-111-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1296-108-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1320-80-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1408-56-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1512-102-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1536-98-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1544-79-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1588-123-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1620-53-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1752-85-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1788-114-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1796-116-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1816-100-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1868-104-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1896-77-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/1972-119-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2020-83-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2020-120-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2064-78-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2072-84-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2072-121-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2076-0-0x0000000000260000-0x0000000000261000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                                                                      • memory/2076-11-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2136-106-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2152-97-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2160-69-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2168-125-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2232-105-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2272-61-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2288-124-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2304-122-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2392-107-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2400-113-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2424-37-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2428-65-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2488-101-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2512-29-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2560-93-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2564-96-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2564-23-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2600-126-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2632-109-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2676-127-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2688-95-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2724-20-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2732-15-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2740-40-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2776-99-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2832-86-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2876-32-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2884-91-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2908-94-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/2932-92-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/3012-117-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB

                                                                                                                                                                                                                                                                                                      • memory/3040-82-0x0000000000400000-0x00000000004C7000-memory.dmp

                                                                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                                                                        796KB