darkvision | b7a2def2630cbbca20d06f0d40ceaf00f8df471adb12f62efbeb513681cf4878

Analysis

max time kernel
148s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
15/04/2025, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

quarantine/235T1TS.exe
Size

1.2MB
MD5

9d0b654f17466ee2eda9e03dd303812c
SHA1

312957b2937309721aef5a5945daafd2dfe0623c
SHA256

f98627e83fc643c88937ba13f628be9b9666c18aa10dbd279e1b8822d332880e
SHA512

48e7bacddcd04b8200bd20f03fd1e4618deb02fc616708a7e6d899a8071e493e7609ea1cc8ce86c17dacd2995879d9c3e58e6cf854ec07f4f25a1e7c34948b7c
SSDEEP

24576:2GkbQjI/z3YQE6eakkvEDiTZsM18DvlmpvRUtIguzz+6wzI2uTw:2Gkb6QBea3sDiVsMIsmtEzCzy

Score

10^/10

darkvision bootkit defense_evasion discovery execution persistence rat

Malware Config

Extracted

Family

darkvision

82.29.67.160

Attributes

url
http://107.174.192.179/data/003

https://grabify.link/ZATFQO

http://107.174.192.179/clean
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Signatures

DarkVision Rat
DarkVision Rat is a trojan written in C++.
rat darkvision
Darkvision family
darkvision

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2204	powershell.exe
4796	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
1	3688	svchost.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\Drivers\48a7959d.sys	e928a46e.exe
File created	C:\Windows\System32\Drivers\klupd_48a7959da_arkmon.sys	e928a46e.exe

Sets service image path in registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\38ruUD_5040\ImagePath = "\\??\\C:\\Windows\\Temp\\38ruUD_5040.sys"	tzutil.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\48a7959d\ImagePath = "System32\\Drivers\\48a7959d.sys"	e928a46e.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\klupd_48a7959da_arkmon\ImagePath = "System32\\Drivers\\klupd_48a7959da_arkmon.sys"	e928a46e.exe

Deletes itself 1 IoCs

pid	Process
3688	svchost.exe

Executes dropped EXE 4 IoCs

pid	Process
5040	tzutil.exe
5064	w32tm.exe
3160	228f4084.exe
6728	e928a46e.exe

Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\48a7959d.sys	e928a46e.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\48a7959d.sys\ = "Driver"	e928a46e.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\48a7959d.sys	e928a46e.exe

Loads dropped DLL 17 IoCs

pid	Process
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe
6728	e928a46e.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-599783296-1627459723-2423478968-1000\Software\Microsoft\Windows\CurrentVersion\Run\{57F06FF0-B2D5-45F3-BFEE-970F76E38EFD} = "C:\\ProgramData\\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{57F06FF0-B2D5-45F3-BFEE-970F76E38EFD} = "C:\\ProgramData\\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\eb716805-4ff4-4936-9a10-e2650ce2098f = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{0d349f48-a2df-4d32-90ba-81c5246eda37}\\eb716805-4ff4-4936-9a10-e2650ce2098f.cmd\""	e928a46e.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	e928a46e.exe

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 2 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	228f4084.exe
File opened (read-only)	\??\VBoxMiniRdrDN	e928a46e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	235T1TS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	228f4084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e928a46e.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
8460	PING.EXE
12752	PING.EXE
1976	PING.EXE
2500	PING.EXE
8852	PING.EXE
5580	PING.EXE
12680	PING.EXE
13156	PING.EXE
7964	PING.EXE
11044	PING.EXE
12144	PING.EXE
7708	PING.EXE
8072	PING.EXE
8200	PING.EXE
9756	PING.EXE
1692	PING.EXE
1016	PING.EXE
9644	PING.EXE
10952	PING.EXE
8572	PING.EXE
8828	PING.EXE
12200	PING.EXE
4916	PING.EXE
8908	PING.EXE
2644	PING.EXE
9732	PING.EXE
11344	PING.EXE
6204	PING.EXE
12296	PING.EXE
5024	PING.EXE
7544	PING.EXE
2792	PING.EXE
5136	PING.EXE
6528	PING.EXE
8068	PING.EXE
7628	PING.EXE
3924	PING.EXE
408	PING.EXE
9684	PING.EXE
10900	PING.EXE
11784	PING.EXE
10772	PING.EXE
9968	PING.EXE
10352	PING.EXE
8204	PING.EXE
10236	PING.EXE
8796	PING.EXE
2684	PING.EXE
12652	PING.EXE
12788	PING.EXE
10704	PING.EXE
12956	PING.EXE
9332	PING.EXE
3560	PING.EXE
1008	PING.EXE
7812	PING.EXE
10012	PING.EXE
12440	PING.EXE
2212	PING.EXE
5548	PING.EXE
7540	PING.EXE
11564	PING.EXE
12244	PING.EXE
9064	PING.EXE

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
10128	reg.exe
10092	reg.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
2740	PING.EXE
2440	PING.EXE
11756	PING.EXE
7444	PING.EXE
8448	PING.EXE
6568	PING.EXE
7568	PING.EXE
8240	PING.EXE
7760	PING.EXE
8200	PING.EXE
5548	PING.EXE
112	PING.EXE
4000	PING.EXE
4384	PING.EXE
8288	PING.EXE
10936	PING.EXE
7756	PING.EXE
11780	PING.EXE
1568	PING.EXE
12112	PING.EXE
8796	PING.EXE
10588	PING.EXE
9128	PING.EXE
12464	PING.EXE
6664	PING.EXE
652	PING.EXE
2480	PING.EXE
7132	PING.EXE
7812	PING.EXE
5412	PING.EXE
11980	PING.EXE
11088	PING.EXE
11232	PING.EXE
4788	PING.EXE
9012	PING.EXE
9232	PING.EXE
8716	PING.EXE
9756	PING.EXE
2500	PING.EXE
12168	PING.EXE
688	PING.EXE
7896	PING.EXE
8828	PING.EXE
8544	PING.EXE
2684	PING.EXE
6240	PING.EXE
9044	PING.EXE
13296	PING.EXE
9252	PING.EXE
9732	PING.EXE
9880	PING.EXE
8132	PING.EXE
9184	PING.EXE
12956	PING.EXE
13008	PING.EXE
1044	PING.EXE
10724	PING.EXE
4604	PING.EXE
6272	PING.EXE
8012	PING.EXE
4560	PING.EXE
11584	PING.EXE
7028	PING.EXE
10304	PING.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2204	powershell.exe
2204	powershell.exe
1048	powershell.exe
1048	powershell.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
5040	tzutil.exe
6728	e928a46e.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
4236	235T1TS.exe
4236	235T1TS.exe
4236	235T1TS.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	powershell.exe
Token: SeLoadDriverPrivilege	5040	tzutil.exe
Token: SeDebugPrivilege	1048	powershell.exe
Token: SeDebugPrivilege	6728	e928a46e.exe
Token: SeBackupPrivilege	6728	e928a46e.exe
Token: SeRestorePrivilege	6728	e928a46e.exe
Token: SeLoadDriverPrivilege	6728	e928a46e.exe
Token: SeShutdownPrivilege	6728	e928a46e.exe
Token: SeSystemEnvironmentPrivilege	6728	e928a46e.exe
Token: SeSecurityPrivilege	6728	e928a46e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 3744	4236	235T1TS.exe	78
PID 4236 wrote to memory of 3744	4236	235T1TS.exe	78
PID 3744 wrote to memory of 2204	3744	cmd.exe	80
PID 3744 wrote to memory of 2204	3744	cmd.exe	80
PID 4236 wrote to memory of 3688	4236	235T1TS.exe	81
PID 4236 wrote to memory of 3688	4236	235T1TS.exe	81
PID 3688 wrote to memory of 5040	3688	svchost.exe	86
PID 3688 wrote to memory of 5040	3688	svchost.exe	86
PID 3688 wrote to memory of 5096	3688	svchost.exe	87
PID 3688 wrote to memory of 5096	3688	svchost.exe	87
PID 3688 wrote to memory of 5064	3688	svchost.exe	88
PID 3688 wrote to memory of 5064	3688	svchost.exe	88
PID 5040 wrote to memory of 4796	5040	tzutil.exe	90
PID 5040 wrote to memory of 4796	5040	tzutil.exe	90
PID 5040 wrote to memory of 1048	5040	tzutil.exe	92
PID 5040 wrote to memory of 1048	5040	tzutil.exe	92
PID 5064 wrote to memory of 3160	5064	w32tm.exe	94
PID 5064 wrote to memory of 3160	5064	w32tm.exe	94
PID 5064 wrote to memory of 3160	5064	w32tm.exe	94
PID 3160 wrote to memory of 6728	3160	228f4084.exe	95
PID 3160 wrote to memory of 6728	3160	228f4084.exe	95
PID 3160 wrote to memory of 6728	3160	228f4084.exe	95
PID 6840 wrote to memory of 7180	6840	cmd.exe	98
PID 6840 wrote to memory of 7180	6840	cmd.exe	98
PID 6840 wrote to memory of 7224	6840	cmd.exe	99
PID 6840 wrote to memory of 7224	6840	cmd.exe	99
PID 6840 wrote to memory of 7268	6840	cmd.exe	100
PID 6840 wrote to memory of 7268	6840	cmd.exe	100
PID 6840 wrote to memory of 7316	6840	cmd.exe	101
PID 6840 wrote to memory of 7316	6840	cmd.exe	101
PID 6840 wrote to memory of 7392	6840	cmd.exe	102
PID 6840 wrote to memory of 7392	6840	cmd.exe	102
PID 6840 wrote to memory of 7444	6840	cmd.exe	103
PID 6840 wrote to memory of 7444	6840	cmd.exe	103
PID 6840 wrote to memory of 7508	6840	cmd.exe	104
PID 6840 wrote to memory of 7508	6840	cmd.exe	104
PID 6840 wrote to memory of 7560	6840	cmd.exe	105
PID 6840 wrote to memory of 7560	6840	cmd.exe	105
PID 6840 wrote to memory of 7620	6840	cmd.exe	106
PID 6840 wrote to memory of 7620	6840	cmd.exe	106
PID 6840 wrote to memory of 7660	6840	cmd.exe	107
PID 6840 wrote to memory of 7660	6840	cmd.exe	107
PID 6840 wrote to memory of 7708	6840	cmd.exe	108
PID 6840 wrote to memory of 7708	6840	cmd.exe	108
PID 6840 wrote to memory of 7760	6840	cmd.exe	109
PID 6840 wrote to memory of 7760	6840	cmd.exe	109
PID 6840 wrote to memory of 7812	6840	cmd.exe	110
PID 6840 wrote to memory of 7812	6840	cmd.exe	110
PID 6840 wrote to memory of 7872	6840	cmd.exe	111
PID 6840 wrote to memory of 7872	6840	cmd.exe	111
PID 6840 wrote to memory of 4556	6840	cmd.exe	112
PID 6840 wrote to memory of 4556	6840	cmd.exe	112
PID 6840 wrote to memory of 7964	6840	cmd.exe	113
PID 6840 wrote to memory of 7964	6840	cmd.exe	113
PID 6840 wrote to memory of 8012	6840	cmd.exe	114
PID 6840 wrote to memory of 8012	6840	cmd.exe	114
PID 6840 wrote to memory of 8072	6840	cmd.exe	115
PID 6840 wrote to memory of 8072	6840	cmd.exe	115
PID 6840 wrote to memory of 8120	6840	cmd.exe	116
PID 6840 wrote to memory of 8120	6840	cmd.exe	116
PID 6840 wrote to memory of 8188	6840	cmd.exe	117
PID 6840 wrote to memory of 8188	6840	cmd.exe	117
PID 6840 wrote to memory of 2648	6840	cmd.exe	118
PID 6840 wrote to memory of 2648	6840	cmd.exe	118

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\quarantine\235T1TS.exe
"C:\Users\Admin\AppData\Local\Temp\quarantine\235T1TS.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3744
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe Add-MpPreference -ExclusionPath 'C:'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2204
- C:\Windows\system32\svchost.exe
  "C:\Windows\system32\svchost.exe"
  2⤵
  - Downloads MZ/PE file
  - Deletes itself
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3688
- - C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe
    "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""
    3⤵
    - Sets service image path in registry
    - Executes dropped EXE
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Add-MpPreference -ExclusionPath C:\
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4796
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Remove-MpPreference -ExclusionPath C:\
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat" """
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe
    "C:\Users\Admin\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\{c2dad9a5-8f7e-4daf-a3fd-99e92844454c}\228f4084.exe
      "C:\Users\Admin\AppData\Local\Temp\{c2dad9a5-8f7e-4daf-a3fd-99e92844454c}\228f4084.exe" -accepteula -adinsilent -silent -processlevel 2 -postboot
      4⤵
      Executes dropped EXE
      Checks for VirtualBox DLLs, possible anti-VM trick
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\e928a46e.exe
        
        C:/Users/Admin/AppData/Local/Temp/{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}/\e928a46e.exe -accepteula -adinsilent -silent -processlevel 2 -postboot
        5⤵
        Drops file in Drivers directory
        Sets service image path in registry
        Executes dropped EXE
        Impair Defenses: Safe Mode Boot
        Loads dropped DLL
        Adds Run key to start application
        Writes to the Master Boot Record (MBR)
        Checks for VirtualBox DLLs, possible anti-VM trick
        System Location Discovery: System Language Discovery
        Suspicious behavior: LoadsDriver
        Suspicious use of AdjustPrivilegeToken
        
        PID:6728
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\{0d349f48-a2df-4d32-90ba-81c5246eda37}\eb716805-4ff4-4936-9a10-e2650ce2098f.cmd" "
        6⤵
        
        PID:9780
        
        C:\Windows\system32\PING.EXE
        
        ping 127.0.0.1 -n 1
        7⤵
        
        PID:10000
        
        C:\Windows\system32\reg.exe
        
        reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v eb716805-4ff4-4936-9a10-e2650ce2098f /f
        7⤵
        Modifies registry key
        
        PID:10128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:5888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:5816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\{0d349f48-a2df-4d32-90ba-81c5246eda37}\eb716805-4ff4-4936-9a10-e2650ce2098f.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:6840
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7180
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7268
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7444
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7660
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:7812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7872
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7964
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8012
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8120
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8188
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2992
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1324
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:8200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8288
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8504
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8596
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8752
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:8796
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8904
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8944
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8988
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9048
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9092
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9520
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9692
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:9732
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9780
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9832
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10084
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10136
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10180
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6128
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10316
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10456
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10616
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10724
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10772
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10816
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10884
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11012
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11144
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11192
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2684
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:5412
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11324
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11584
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11672
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11720
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11756
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11864
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12004
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12052
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:2500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12144
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12168
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4700
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12340
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12400
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12500
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12596
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12652
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12712
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12752
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12904
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12952
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12992
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13132
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13164
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5580
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4604
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4848
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2720
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3552
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1388
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4372
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5124
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2792
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4000
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6336
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7208
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7324
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7540
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7628
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7672
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7756
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8024
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8132
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8168
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8220
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8768
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8844
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2056
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9516
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10528
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10808
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10864
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11564
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11780
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4812
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3176
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5972
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5136
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:648
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1932
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5280
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4760
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2144
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2456
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:5548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6240
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6376
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6420
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6528
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6664
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6704
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6748
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6784
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6872
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6936
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6984
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7068
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7100
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:1568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:468
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:688
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:652
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4436
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1016
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7332
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7424
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7536
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7636
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7724
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7808
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8076
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1728
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4360
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3264
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8356
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8404
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8492
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8592
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8688
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8824
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8908
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8964
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9016
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9044
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9096
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9124
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9184
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2480
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9232
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9448
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9528
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9644
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9684
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9744
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9784
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9968
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10012
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10028
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10236
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:10304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10368
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10408
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10484
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10900
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:10952
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11044
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11128
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:11232
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5348
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5248
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11340
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11428
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11508
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11560
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11608
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11660
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11708
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11784
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11832
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11876
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:11944
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12048
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12244
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1976
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12304
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12352
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12388
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:12464
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12612
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:12680
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12736
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12792
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12836
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12868
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:12916
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:12956
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13008
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:13156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13212
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:13260
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:13296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1840
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4768
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2740
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2032
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4192
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4640
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3388
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4384
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4520
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2060
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4428
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5900
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4164
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3096
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2296
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1152
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1036
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4912
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2556
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3728
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:4788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3328
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4364
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:4924
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2284
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5024
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:112
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:344
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:1044
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3832
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2212
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6156
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6200
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6252
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6432
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6472
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6516
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:6568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5860
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6660
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6744
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7072
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7204
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7232
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7276
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7132
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7336
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2884
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3892
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6852
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6040
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7420
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7460
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7436
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7544
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7568
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7632
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2644
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7676
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7728
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7804
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7856
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:7896
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7940
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:6996
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:7980
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8068
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8088
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8144
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2100
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2452
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:2440
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:2420
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:3224
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8240
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8272
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8324
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8392
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8444
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:1564
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8572
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8620
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8676
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:8716
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8772
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:8828
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8880
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8928
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:8952
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9012
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:9064
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:9128
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9172
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:5308
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9228
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9292
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9320
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9376
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9424
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9496
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9548
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9588
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9712
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Runs ping.exe
  PID:9756
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:9788
- C:\Windows\system32\PING.EXE
  ping 127.0.0.1 -n 1
  2⤵
  PID:10020
- C:\Windows\system32\reg.exe
  reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v eb716805-4ff4-4936-9a10-e2650ce2098f /f
  2⤵
  - Modifies registry key
  PID:10092

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe

Filesize
1.9MB

MD5
3cf1ad76cc9ee98b2ef901bc43d27e42

SHA1
6661ccb3bdba15713c4573de6bb6da1340ceb4d8

SHA256
ee6eb001007a24a393576197ff02b58b6f5c7cd673c3cfa33f6aaa65673a72fb

SHA512
8207080ec48518f5ea723b452fbcbc489003a944ef65371348adbf068b07e5cde477cc423f8c6c30c6b7a489d677d42e3b4f13742cb6efbb00ae0b3fcf1bedc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
5cc7e3c5a6cd58c8ed5d9f6359acbfdc

SHA1
2bb172615bf723b9e2579da25bde442952f82a09

SHA256
65ac9ad9a31a82b6ed49a995c5591031df2977d67edfbfb3ac6c80f1faee5be5

SHA512
e6f46728fa847bb4c7e0bf2b44d41aa36b1b71d25ec362cb2a58ed922f649ece8c04aa9cbfc4a06e43556106675cf6a7e44d5166ec99b945455aebf8d357c24d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_njkbwavn.fkl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d349f48-a2df-4d32-90ba-81c5246eda37}\eb716805-4ff4-4936-9a10-e2650ce2098f.cmd

Filesize
695B

MD5
b7a54b22be1ff1fbdc65b9dbf2c017dd

SHA1
53019f8d68c40bb9524ce84dea67a2a2af35a2f5

SHA256
0a7fb7d2f65b057a1c85975ee39c50cb7fbee43178f5cddfd625fb36cc9fe7a9

SHA512
904e5c502a5d124f440539d56f5d93d04e03103f50e7692d4e01e4382e810a7efa1c83aeaa7445a870aa2cfe5d8caa67160e5acb0741992ec607ac4c30b4cb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\set.bat

Filesize
153B

MD5
77d9ab6e61cf9928494530be8ed5d80d

SHA1
9da463abb2f54ce0497ab48aa04a9da8d1f77679

SHA256
0324ba4d164702b4020ec6bf79cfbfa93e9a635234085e96888854b173735cbc

SHA512
2cc2679229c783f5e243948f8e6d9a17d3cc187956a8b0eefc1f027dcfdcf9cb69f48f93d8eb2c4cd5c801f859882a7589a6f4919b32ebb77d90244329dab856

Download Submit
C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe

Filesize
1.3MB

MD5
15bdc4bd67925ef33b926843b3b8154b

SHA1
646af399ef06ac70e6bd43afe0f978f0f51a75fd

SHA256
4f0b2c61bccfd9aa3db301ee4e15607df41ded533757de34c986a0ff25b6246d

SHA512
eac0736a06d0835758318d594d3560ee6be82889020a173463943956dd400d08cf1174a4c722dc45a3f3c034131982f4b19ff27db1163838afbfac37f397eaf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\AP26B7~1.DLL

Filesize
17KB

MD5
ff8026dab5d3dabca8f72b6fa7d258fa

SHA1
075c8719e226a34d7b883fd62b2d7f8823d70f1a

SHA256
535e9d20f00a2f1a62f843a4a26cfb763138d5dfe358b0126d33996fba9ca4d1

SHA512
9c56ff11d5843ba09cd29e3bc6c6b9396926c6a588194193ba220cfa784b770ab6756076f16f18cfea75b51a8184a1063ef47f63804839530382f8d39d5cf006

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\AP345C~1.DLL

Filesize
17KB

MD5
d91bf81cf5178d47d1a588b0df98eb24

SHA1
75f9f2da06aa2735906b1c572dd556a3c30e7717

SHA256
f8e3b45fd3e22866006f16a9e73e28b5e357f31f3c275b517692a5f16918b492

SHA512
93d1b0d226e94235f1b32d42f6c1b95fadfaf103b8c1782423d2c5a4836102084fb53f871e3c434b85f0288e47f44345138de54ea5f982ca3e8bbf2d2bea0706

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\AP4F63~1.DLL

Filesize
17KB

MD5
18fd51821d0a6f3e94e3fa71db6de3af

SHA1
7d9700e98ef2d93fdbf8f27592678194b740f4e0

SHA256
dba84e704ffe5fcd42548856258109dc77c6a46fd0b784119a3548ec47e5644b

SHA512
4009b4d50e3cb17197009ac7e41a2351de980b2c5b79c0b440c7fe4c1c3c4e18f1089c6f43216eaa262062c395423f3ad92ca494f664636ff7592c540c5ef89d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\AP87F4~1.DLL

Filesize
21KB

MD5
eefe86b5a3ab256beed8621a05210df2

SHA1
90c1623a85c519adbc5ef67b63354f881507b8a7

SHA256
1d1c11fc1ad1febf9308225c4ccf0431606a4ab08680ba04494d276cb310bf15

SHA512
c326a2ca190db24e8e96c43d1df58a4859a32eb64b0363f9778a8902f1ac0307dca585be04f831a66bc32df54499681ad952ce654d607f5fdb93e9b4504d653f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\APC7B0~1.DLL

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\APDEA0~1.DLL

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\API-MS~2.DLL

Filesize
18KB

MD5
aabbb38c4110cc0bf7203a567734a7e7

SHA1
5df8d0cdd3e1977ffacca08faf8b1c92c13c6d48

SHA256
24b07028c1e38b9ca2f197750654a0dfb7d33c2e52c9dd67100609499e8028db

SHA512
c66c98d2669d7a180510c57bab707d1e224c12ab7e2b08994eb5fd5be2f3dee3dbdb934bcb9db168845e4d726114bce317045027215419d3f13dcfa0f143d713

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\API-MS~3.DLL

Filesize
17KB

MD5
8894176af3ea65a09ae5cf4c0e6ff50f

SHA1
46858ea9029d7fc57318d27ca14e011327502910

SHA256
c64b7c6400e9bacc1a4f1baed6374bfbce9a3f8cf20c2d03f81ef18262f89c60

SHA512
64b31f9b180c2e4e692643d0ccd08c3499cae87211da6b2b737f67b5719f018ebcacc2476d487a0aeb91fea1666e6dbbf4ca7b08bb4ab5a031655bf9e02cea9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\API-MS~4.DLL

Filesize
17KB

MD5
879920c7fa905036856bcb10875121d9

SHA1
a82787ea553eefa0e7c3bb3aedb2f2c60e39459a

SHA256
7e4cba620b87189278b5631536cdad9bfda6e12abd8e4eb647cb85369a204fe8

SHA512
06650248ddbc68529ef51c8b3bc3185a22cf1685c5fa9904aee766a24e12d8a2a359b1efd7f49cc2f91471015e7c1516c71ba9d6961850553d424fa400b7ea91

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\Cache\sys_critical_obj.dll.7a985f23681627a99a33ab3c0bdf1385_0

Filesize
725KB

MD5
7a985f23681627a99a33ab3c0bdf1385

SHA1
5cf4a11ce8ea6b427440fffbf4c1338e06b7c79a

SHA256
6e8f63491c98500aa9d6746bd44f002457a03eca3d1321501b7e76e1baa976c4

SHA512
bd0a195d7bc033a9b51e1b605041b9dcdb0c4abaa49961351c898355e500844be9bf192f65af9614f15ad6b474cbd474b26b995b7a371c4706131e46f49e9c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\KSN\log0

Filesize
584KB

MD5
0090d68cd98a1c0ebdc9b7a6a909f52e

SHA1
bf86500cc6af06dcfd47cf92eb2dfb022f2fdc22

SHA256
86bdb178b04e95a9091bd0f07b3089a99aa9af618e9964a483474c62b595bfeb

SHA512
1d9bb870bd23aef6100969b8894d6e7a3738a62a37fbeae044d08092f983021206568fc5de00605aad1fe6aa3deabb69175aea6afcaa676fff3357290654f689

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\SCO\log0

Filesize
810KB

MD5
229363765de004a2de108ae5b3ed8b21

SHA1
3bd09603f50614dfa0cb617d0fb2d78874db88e0

SHA256
9bf9e9b27c4ba20d1e1583084e3545f278be4ff54642f33c8cb61c74be1786c6

SHA512
52e2705b93421bb7e85c81df46839d3c79588c6971fb5699b376dfbe23fbbf1837b6467a5ec5c7ca52c80a494f9b9eb06452edd04dc5d745012d10166304fa07

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\arkmon64.drv

Filesize
390KB

MD5
7c924dd4d20055c80007791130e2d03f

SHA1
072f004ddcc8ddf12aba64e09d7ee0ce3030973e

SHA256
406ab7d6e45dbedcfbd2d7376a643620c7462cece3e41115c8fbc07861177ec6

SHA512
ab26005da50cbf1f45129834cb661b5b97aed5637d4ebc9821c8b744ff61c3f108f423ae5628602d99b3d859e184bfb23900797538dca2891186321d832ea806

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\certdb_v2.dat

Filesize
2.3MB

MD5
049e0c2549c1ca762b6b1b50acc89d71

SHA1
d711fd1c5114750621331664e0f6a34ab1e3781b

SHA256
b25cf878fb8bf9ca53a51648bcba21162a700e719fb1c2921f99f3ea62cf7de3

SHA512
e57b54b8215f5607586b483a3815eb2f4e6d74fb563b4292c6aebbd0d6a9de09e7ac647d9497ff87f59380b6075a6be9f8c1a834ef13f66ee1c8caec3eb391f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\Bases\rootcertdb.dat

Filesize
730KB

MD5
926051cb0a2a35a72b3ef78a705caa8d

SHA1
39fc4903134e9db7f1a2d2c4d0b45e3f824f218f

SHA256
e14426389fcc7952f831ed97ccff75ae7225f59f98dd7f62876475983f9263fd

SHA512
bd28ac27ae8365e610d9ed2e59150e266a017933aae56efbc812a78136e67eb22372b21eab39f7f06a90879d61bf008af98149d9d5a55e40009deda28563a9f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\KVRT.exe

Filesize
2.6MB

MD5
3fb0ad61548021bea60cdb1e1145ed2c

SHA1
c9b1b765249bfd76573546e92287245127a06e47

SHA256
5d1a788260891c317f9d05b3387e732af908959c5ad4f5a84e7984bee71084f1

SHA512
38269c22fda1fdee5906c2bfdfc19b77b5f6d8da2be939c6d8259b536912f8bc6f261f5c508f47ade8ab591a54aafbfbcc302219820bad19feb78fcc3586d331

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\VCRUNTIME140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\app_core.dll

Filesize
1.3MB

MD5
fe0964663cf9c5e4ff493198e035cc1f

SHA1
ab9b19bd0e4efa36f78d2059b4ca556521eb35cb

SHA256
ddd70011d86b8ec909295ef45f94b48b0252229b6182af9ef8a6029c30daaf39

SHA512
923cfd9143d3850357bda901f66b5292f36ff025f05b2156667873861a02d9f498a03cdb73d2c477c0055d46600628f936b70dec46d7687fe0a97cbb1c8cf0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\app_core_meta.dll

Filesize
619KB

MD5
81172e3cf5fc6df072b45c4f1fb6eb34

SHA1
5eb293f0fe6c55e075c5ebef4d21991546f7e504

SHA256
2a272a1990a3dfa35693adf0689512b068a831283a852f8f805cb28153115f57

SHA512
8dc4b0d5593cf2c2262b2802b60672c392dfe0e1cd757a3410e5376bbe6bf6c473428a7ca0fc1c7f0d2de5f59017d8464e7789c76999b5d7b5379209b34c1813

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\config.esm

Filesize
51KB

MD5
184a351c4d532405206e309c10af1d15

SHA1
3cf49f2275f3f9bd8e385eddcdd04e3fc2a17352

SHA256
ef0b7e22d8f7bd06964969a7f2979a475ba1c9c34efccb0c3b9e03ae950c63f6

SHA512
9a1a3cb0e3713ba41f36f4f01f2151b0c04454a05c986215ed2cc42180994f90d10e031d77452a2d0ad5a78f15d8d31c327d0d1ee676789780e6483dbe5e0341

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\crypto_components.dll

Filesize
1.9MB

MD5
faf8d079132fe4f01bf50a5b4dce8d00

SHA1
e7e5b6e6a1f302e6359bd0ec619fa18f81b395a2

SHA256
961c28a780b88f5a8efb9918f18b94f106e02a870d9418366e42badf0cd52716

SHA512
38d154ca6affdc3c090fb3baff82a719df3fe541d38413320e0700e661d6f86a4c8f818b8bfebd29e9d9154c7d2869354dbfc49fd901b63909ef0317952bd923

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\crypto_components_meta.dll

Filesize
61KB

MD5
3d9d1753ed0f659e4db02e776a121862

SHA1
031fb78fe7dc211fe9e0dc8ba0027c14e84cd07f

SHA256
b6163ec9d4825102e3d423e02fb026259a6a17e7d7696ae060ec2b0ba97f54f2

SHA512
e1f50513db117c32505944bfb19fd3185b3231b6bd9f0495942bd9e80dd0f54ab575f1a2fca5e542174d3abe4106a9b5448d924c690e8548cd43aa77f6497c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\crypto_ssl_1_1.dll

Filesize
2.0MB

MD5
717a092c6c1a5c129f0dd86bb69b20ba

SHA1
2a9b421678007dc7fba22f904a4e115d494e4ca8

SHA256
100619a8f1e92acc1c0002bda5dc2641b47819f7c05b92f9f1f4304a40d1caaa

SHA512
98bf0afadfc4ec588f8fe966b899e9762f5539bc479818e2d19673ecdd6ef6cfb7cd98effbf60eaef3250a56202ae43e7f574486759f4c1dfba46b32404169fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\dbghelp.dll

Filesize
1.2MB

MD5
4003e34416ebd25e4c115d49dc15e1a7

SHA1
faf95ec65cde5bd833ce610bb8523363310ec4ad

SHA256
c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f

SHA512
88f5d417377cd62bde417640a79b6ac493e80f0c8b1f63a99378a2a67695ef8e4a541cedb91acfa296ed608e821fee466983806f0d082ed2e74b0cd93eb4fb84

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\dblite.dll

Filesize
703KB

MD5
98b1a553c8c5944923814041e9a73b73

SHA1
3e6169af53125b6da0e69890d51785a206c89975

SHA256
6fc0104817caa1337531c9d8b284d80052770051efb76e5829895a3854ebaec8

SHA512
8ee4467bce6495f492895a9dfaedaf85b76d6d1f67d9ff5c8c27888191c322863bc29c14ae3f505336a5317af66c31354afaeb63127e7e781f5b249f1c967363

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\dumpwriter.dll

Filesize
409KB

MD5
f56387639f201429fb31796b03251a92

SHA1
23df943598a5e92615c42fc82e66387a73b960ff

SHA256
e7eefcf569d98a5fb14a459d949756dc00faf32ed6bda1233d9d2c79ca11531c

SHA512
7bfce579b601408262c0edd342cb2cb1ef1353b6b73dce5aad540eb77f56d1184f71c56ea859bc4373aac4875b8861e2cc5d9c49518e6c40d0b2350a7ab26c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\instrumental_services.dll

Filesize
3.4MB

MD5
c6acd1d9a80740f8a416b0a78e3fa546

SHA1
7ea7b707d58bde0d5a14d8a7723f05e04189bce7

SHA256
db8acd14ace6d4c8d4d61016debe3c0d72677416661caf0d36e7306ed020920f

SHA512
46c889f4d84e2f8dc8bfd5bdc34a346aa393fc49adcbe95bc601e6d970599f579e5cb057196061c280cbfa976989c960ac2f1830fd61c0a9166f09a6c088c20d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\key_value_storage.dll

Filesize
158KB

MD5
9bf7f895cff1f0b9ddf5fc077bac314c

SHA1
7e9c0ce6569c6f12c57f34597b213cd4d8f55e68

SHA256
d03e0af01fbcd9ce714caf3db5ca2ab3ca4a717d5fda5c99b77e09b5672498a4

SHA512
d416cfa9446e6c92f0805278c744cf9f8ac6a2bfb96a6e0b2d65e701472ea6feaf5742ed6cef833555188a95c613499e7e14cfe5788427ec2616cfd723021a67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\klmd.sys

Filesize
368KB

MD5
990442d764ff1262c0b7be1e3088b6d3

SHA1
0b161374074ef2acc101ed23204da00a0acaa86e

SHA256
6c7ccd465090354438b39da8430a5c47e7f24768a5b12ee02fecf8763e77c9e4

SHA512
af3c6dfe32266a9d546f13559dcba7c075d074bdfdaf0e6bf2a8cae787008afa579f0d5f90e0c657dd614bb244a6d95ff8366c14b388e1f4a3ab76cccb23add4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\klsl.sys

Filesize
87KB

MD5
a69adedb0d47cfb23f23a9562a4405bc

SHA1
9e70576571a15aaf71106ea0cd55e0973ef2dd15

SHA256
31eaa7f1f9872c63091f4b3ec5310686b1dd1e2123af17991a6b4679eda3f62d

SHA512
77abb4435d8d445f7a29cdb8a318486a96122b5cc535da7a63da0fa920980e6ad73e78b72552f6949e66b349bbdc9aa9ea202481046e478c2829c155a1045820

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\ksn_facade.dll

Filesize
1.3MB

MD5
e6db25447957c55f3d9dac2a9a55a0f0

SHA1
a941c1a04ea07fd76b0c191e62d9621d55447cb5

SHA256
6c6305c220444294179da749d639c91bb97afd507d30a322d7c1c16ccf0ac9fc

SHA512
1a4634245990335fccfb3d4eed858f61ca40bb1a12c919b6c737cebcdbde4727a26dac0180de226ff4e7d7229e6d379500396a00f6c235495cfacf3014df099a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\ksn_meta.dll

Filesize
333KB

MD5
ed5f35496139e9238e9ff33ca7f173b9

SHA1
ed230628b75ccf944ea2ed87317ece7ee8c377c7

SHA256
93c5feb98eb0b3a1cfe1640f6c0025c913bf79c416bebbe5ed28e1ed19341069

SHA512
eb2d3a8e246b961d31ede5a6a29a268a9b81fb8abbfa83eb8e0c12a992e36404e5829a530a7fbd4ba91ba3e0c0c6c19243e4d4740fa9bdf97a25fd629bc05aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\msvcp140.dll

Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\settings.dat

Filesize
1KB

MD5
0a30b703f7c11790ee4cb6a6b37d2b52

SHA1
0a0f62b1d8941eeccceac80faa3c5c75b615c50c

SHA256
12f2b0817e2d8ad8b1c2fae6c5ec6ea81cfcfb7c722b4d0c09058c54b46aad1b

SHA512
6d9f9ffe04e420b8555326885c528004cc71022a5b289b356eb0c1d65f1ac5b2394fb68f16700708b0ebdbd2d46893b1aa0c54795addabdbd22439c983614c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\settings.kvdb

Filesize
11KB

MD5
173eee6007354de8cd873f59ffca955f

SHA1
395c5a7cb10d62cc4c63d2d65f849163e61cba5a

SHA256
17dfcf78dca415e3e7afac7519db911c0a93f36388c948aba40bcaa3176589a1

SHA512
465394c349dc74fd8a5c5ce5a89d65f0b0e09432d54517ea12de2bc8ccb329629dde03b0939800d30d008bedf0dca948fd84593bab7b7c8994ba041a7af1af2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\storage.dll

Filesize
301KB

MD5
d470615822aa5c5f7078b743a676f152

SHA1
f069bfff46cf0e08b2d615d5a9a289b7c9a6b85c

SHA256
f77657ee84fd1790d0a765ed45a1c832fbeb340cce8ce9011544295c70c1b1dc

SHA512
8826f0924d4444cbe60ec5b24d89f36f6619308b4058e4790e0228614226516eb312dcceb1a3ffe8c0bee8f545efbcffe1188cbf17b9f1c7fb58dad6090be1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\storage.kvdb

Filesize
6KB

MD5
1a3330c4f388360e4c2b0d94fb48a788

SHA1
127ad9be38c4aa491bd1bce6458f99a27c6d465b

SHA256
01b8d0d8c7114b59f159021384c8a59535f87018a6a136a276b5a297f54d776d

SHA512
1fcd1e99e35dc4ec972ab63299637322a27b471d02175d56409a3a114db6259f9cd767ac054c7a2bba075f36ab62f19c8118c3dda93e37b7deda05aa2b260553

Download Submit
C:\Users\Admin\AppData\Local\Temp\{91fb512a-e991-418a-b7c0-a4ffe9c7ae2f}\uds.dll

Filesize
224KB

MD5
02e3b9a72890922cc85080a5039f5d01

SHA1
eef9377cf0ec0ca90b74a2f3aff47218b01bcdd8

SHA256
b3c3a0cd5a8b6b94ae8d598463bcf15c19c07d7b20ca5bb69aa561745d4e83ed

SHA512
1e40f27a67db88f5220b7862cf651e1e51a80c1cfdb8cb473af6c1e47c391b1463ca7626d41000e6b792496d997f30d27597f5642e9f8507f7a99a3a0499d6e3

Download Submit
memory/2204-23-0x0000024A70050000-0x0000024A70072000-memory.dmp

Filesize
136KB

Download
memory/2204-4-0x00007FF8FC343000-0x00007FF8FC345000-memory.dmp

Filesize
8KB

Download
memory/2204-24-0x00007FF8FC340000-0x00007FF8FCE02000-memory.dmp

Filesize
10.8MB

Download
memory/2204-31-0x00007FF8FC340000-0x00007FF8FCE02000-memory.dmp

Filesize
10.8MB

Download
memory/2204-22-0x00007FF8FC340000-0x00007FF8FCE02000-memory.dmp

Filesize
10.8MB

Download
memory/3688-11-0x0000028A21BA0000-0x0000028A21C11000-memory.dmp

Filesize
452KB

Download
memory/3688-5-0x0000000000FC0000-0x0000000000FC2000-memory.dmp

Filesize
8KB

Download
memory/3688-27-0x0000000000FC0000-0x0000000000FC2000-memory.dmp

Filesize
8KB

Download
memory/3688-21-0x0000028A21BA0000-0x0000028A21C11000-memory.dmp

Filesize
452KB

Download
memory/3688-3054-0x0000000000FC0000-0x0000000000FC2000-memory.dmp

Filesize
8KB

Download
memory/3688-25-0x0000028A21BA0000-0x0000028A21C11000-memory.dmp

Filesize
452KB

Download
memory/3688-26-0x0000028A21BA0000-0x0000028A21C11000-memory.dmp

Filesize
452KB

Download
memory/4236-0-0x0000000000482000-0x000000000054B000-memory.dmp

Filesize
804KB

Download
memory/4236-1-0x0000000000400000-0x0000000000686000-memory.dmp

Filesize
2.5MB

Download
memory/4236-28-0x0000000000482000-0x000000000054B000-memory.dmp

Filesize
804KB

Download
memory/5040-51-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-93-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-53-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-47-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-50-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-48-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-46-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-92-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-44-0x0000000140000000-0x000000014043D000-memory.dmp

Filesize
4.2MB

Download
memory/5040-91-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-89-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-88-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-90-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download
memory/5040-49-0x0000000000920000-0x0000000000AA8000-memory.dmp

Filesize
1.5MB

Download