Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
14-11-2024 11:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Vidar.exe
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Vidar.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
12 signatures
150 seconds
General
-
Target
Vidar.exe
-
Size
1.2MB
-
MD5
2f79684349eb97b0e072d21a1b462243
-
SHA1
ed9b9eeafc5535802e498e78611f262055d736af
-
SHA256
9be494b1233a38c3d86ae075d3073ff4de88bc3064011554aa7c96d5ef068c04
-
SHA512
4d94ae4633f3bf489d1bc9613fc6028865064ec98f73b5e9e775f08ff55d246daeddce6a4a0a013a9d05e65edc726768c397d0382e5c35352144b5338d6467d3
-
SSDEEP
24576:9piXI12TyeC5m71MsNon4J0t1TBUV1E1HP9yjy3anIPXD:9pYaeC52KsNgFtxBUvWIaaKz
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe 1712 Vidar.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1712 Vidar.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 2436 1712 Vidar.exe 31 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 3060 1712 Vidar.exe 32 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2884 1712 Vidar.exe 33 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2560 1712 Vidar.exe 34 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2792 1712 Vidar.exe 35 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2472 1712 Vidar.exe 36 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2588 1712 Vidar.exe 37 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2564 1712 Vidar.exe 38 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2840 1712 Vidar.exe 39 PID 1712 wrote to memory of 2828 1712 Vidar.exe 40
Processes
-
C:\Users\Admin\AppData\Local\Temp\Vidar.exe"C:\Users\Admin\AppData\Local\Temp\Vidar.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1712 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2436
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3060
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2884
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2560
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2472
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2588
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2564
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2828
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2960
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2956
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2968
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2972
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3012
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2948
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2856
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2824
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2212
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2832
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2288
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3000
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3024
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3068
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3016
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2952
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3040
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2660
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2984
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2776
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2672
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2356
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2480
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2340
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:668
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1088
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:748
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1268
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1788
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1608
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1408
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1992
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1660
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:752
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1952
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1760
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2100
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1940
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1776
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1668
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1072
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1744
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1604
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2456
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2108
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1864
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1792
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2036
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1732
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:592
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1552
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2004
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1244
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1996
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2028
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2668
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:836
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1476
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:856
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2768
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1624
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2032
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2684
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1944
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1840
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1020
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1376
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1692
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2896
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:3052
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2936
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2908
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2876
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2916
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2448
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2312
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2088
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2284
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:112
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2424
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2240
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2204
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2208
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1152
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1224
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1584
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1548
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:2452
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Applaunch.exe"2⤵PID:1600
-