File name: 437cb914aeb1fca0a714380ac400101e4e594a13fe245cf589b8a8bca3ae46ba.exe

Full analysis: https://app.any.run/tasks/7f9a2ea0-e9f3-42c2-a8f8-1d4aab2704cd
Verdict: Malicious activity
Analysis date: May 21, 2024, 02:59:02
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 059B378BF1770BDBEA5A02C83399CDB0
SHA1: 6E482362F5C090BC12BAA425C3F01271E6981601
SHA256: 437CB914AEB1FCA0A714380AC400101E4E594A13FE245CF589B8A8BCA3AE46BA
SSDEEP: 6144:379NieV8mSjbU9asmAHiuCb8ogg6CARPISUOgW9X+hOGzC/:3RAeV8JAhiBbh1YKZzcukG2/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

    • Creates a writable file in the system directory

  • SUSPICIOUS

    • Reads the date of Windows installation

    • Reads security settings of Internet Explorer

    • Executable content was dropped or overwritten

    • Starts CMD.EXE for commands execution

    • Executing commands from a ".bat" file

    • Executes application which crashes

  • INFO

    • Checks supported languages

    • Reads the computer name

    • Process checks computer location settings

    • Checks proxy server information

      • WerFault.exe (PID: 6784)
      • WerFault.exe (PID: 6956)
      • WerFault.exe (PID: 7100)
      • WerFault.exe (PID: 3688)
      • WerFault.exe (PID: 6552)
      • WerFault.exe (PID: 6720)
      • WerFault.exe (PID: 5872)
      • WerFault.exe (PID: 1720)
      • WerFault.exe (PID: 6732)
      • WerFault.exe (PID: 1788)
      • WerFault.exe (PID: 2332)
      • WerFault.exe (PID: 4704)
      • WerFault.exe (PID: 1364)
      • WerFault.exe (PID: 1120)
      • WerFault.exe (PID: 4936)
    • Reads the software policy settings

      • WerFault.exe (PID: 6784)
      • WerFault.exe (PID: 6956)
      • WerFault.exe (PID: 7100)
      • WerFault.exe (PID: 3688)
      • WerFault.exe (PID: 6552)
      • WerFault.exe (PID: 6720)
      • WerFault.exe (PID: 5872)
      • WerFault.exe (PID: 1720)
      • WerFault.exe (PID: 6732)
      • WerFault.exe (PID: 1788)
      • WerFault.exe (PID: 2332)
      • WerFault.exe (PID: 4704)
      • WerFault.exe (PID: 1364)
      • WerFault.exe (PID: 1120)
      • WerFault.exe (PID: 4936)
    • Creates files or folders in the user directory

      • WerFault.exe (PID: 3688)
      • WerFault.exe (PID: 6552)
      • WerFault.exe (PID: 6720)
      • WerFault.exe (PID: 5872)
      • WerFault.exe (PID: 1720)
      • WerFault.exe (PID: 6732)
      • WerFault.exe (PID: 1788)
      • WerFault.exe (PID: 2332)
      • WerFault.exe (PID: 4704)
      • WerFault.exe (PID: 1364)
      • WerFault.exe (PID: 1120)
      • WerFault.exe (PID: 4936)
No Malware configuration.

TRiD

.exe | InstallShield setup (36.8)
.exe | Win32 Executable MS Visual C++ (generic) (26.6)
.exe | Win64 Executable (generic) (23.6)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2007:06:02 06:27:43+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 147456
InitializedDataSize: 61981
UninitializedDataSize: -
EntryPoint: 0x2419b
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TODO: <Company name>
FileDescription: TODO: <File description>
FileVersion: 1.0.0.1
InternalName: AdwTest.exe
LegalCopyright: TODO: (c) <Company name>. All rights reserved.
OriginalFileName: AdwTest.exe
ProductName: TODO: <Product name>
ProductVersion: 1.0.0.1
No data.
Total processes: 1 009
Monitored processes: 679
Malicious processes: 68
Suspicious processes: 208

Behavior graph

[Behavior graph image: process tree beginning with powershell.exe and the analyzed sample; not reproduced in text.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 32
CMD: C:\windows\system\UKAWEP.exe
Path: C:\Windows\System\UKAWEP.exe
Parent process: cmd.exe
User: admin
Company: TODO: <Company name>
Integrity Level: HIGH
Description: TODO: <File description>
Exit code: 3221225477
Version: 1.0.0.1
Modules
Images
c:\windows\system\ukawep.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll

PID: 32
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\windows\NGVI.exe.bat" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: RPAAH.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 72
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\windows\system\JPKOJ.exe.bat" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: YWHW.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 232
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 232
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 232
CMD: C:\windows\system\PNBVUN.exe
Path: C:\Windows\System\PNBVUN.exe
Parent process: cmd.exe
User: admin
Company: TODO: <Company name>
Integrity Level: HIGH
Description: TODO: <File description>
Exit code: 3221225477
Version: 1.0.0.1
Modules
Images
c:\windows\system\pnbvun.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll

PID: 232
CMD: C:\windows\system32\LGKMCD.exe
Path: C:\Windows\SysWOW64\LGKMCD.exe
Parent process: cmd.exe
User: admin
Company: TODO: <Company name>
Integrity Level: HIGH
Description: TODO: <File description>
Exit code: 3221225477
Version: 1.0.0.1

PID: 232
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 232
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\windows\system32\YMZC.exe.bat" "
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: LBD.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 308
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Total events: 212 879
Read events: 211 737
Write events: 1 097
Delete events: 45

Modification events

(PID) Process: (6260) powershell.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6260) powershell.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6260) powershell.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6260) powershell.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6508) 437cb914aeb1fca0a714380ac400101e4e594a13fe245cf589b8a8bca3ae46ba.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6508) 437cb914aeb1fca0a714380ac400101e4e594a13fe245cf589b8a8bca3ae46ba.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6508) 437cb914aeb1fca0a714380ac400101e4e594a13fe245cf589b8a8bca3ae46ba.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6508) 437cb914aeb1fca0a714380ac400101e4e594a13fe245cf589b8a8bca3ae46ba.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6784) WerFault.exe
Key: \REGISTRY\A\{e5621f5d-27a1-abd6-9a01-94d78c2011c8}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value: 1

(PID) Process: (6784) WerFault.exe
Key: \REGISTRY\A\{e5621f5d-27a1-abd6-9a01-94d78c2011c8}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value:

Executable files
214
Suspicious files
67
Text files
280
Unknown types
0

Dropped files

PID
Process
Filename
Type
6260
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
MD5:
SHA256:
6260
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF113c89.TMP
binary
MD5:D040F64E9E7A2BB91ABCA5613424598E
SHA256:D04E0A6940609BD6F3B561B0F6027F5CA4E8C5CF0FB0D0874B380A0374A8D670
6956
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ZPHYQEF.exe_598adcb45bf1654f43af1e629783077b5ccfe33_f1c70969_b654d003-2e1b-4954-8cd6-52000da935b8\Report.wer
MD5:
SHA256:
6784
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_437cb914aeb1fca0_f9f8319f726ac4afd76673727f76e8cb3871bc_b1376e18_1ed1dd1a-5e7a-41ea-b550-9b12f6c0fdfd\Report.wer
MD5:
SHA256:
6260
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\39TQH5P4GIR3DP2NG9HX.temp
binary
MD5:03DAF9C6A11390B29881991BAA9A04CF
SHA256:59F806DCA974C8F83ADBB23039E64A9C2FC3EB7C0B13CFBAB27212A8CA81A7F7
6260
powershell.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
binary
MD5:E0FA9B3D1ADB80A17BBB4B2BC077287C
SHA256:EF939E20DE67AF87138DDF55966A7A906BD186F8EA548D1067E0E8BDE229EC9E
6748
ZPHYQEF.exe
C:\windows\SysWOW64\OFU.exe.bat
text
MD5:F6D45FCD822BF4ACA3605D1660648719
SHA256:2859851334DE9CA2DC49418490388277E1595FE1C1D68E9EE12783EB4D635F18
6260
powershell.exe
C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_n5xuwngc.dqq.psm1
text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
6968
OFU.exe
C:\windows\system\AYXI.exe.bat
text
MD5:00208AFA5A5FD969700A087B9E247BB7
SHA256:5A394E81A4F7489EA42E9E2E2E766253BD13AE0567B16C0D0EC7EEBDC1A32951
7100
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_OFU.exe_defab58af04b78bb24db88ee9e3fb5ae92ca0d1_e2df9ed8_8f99a4df-e176-4893-884f-5bb34962ade9\Report.wer
MD5:
SHA256:
HTTP(S) requests
7
TCP/UDP connections
51
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5380
svchost.exe
GET
200
2.18.121.212:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
5140
MoUsoCoreWorker.exe
GET
200
2.18.121.212:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
4856
RUXIMICS.exe
GET
200
2.18.121.212:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
5140
MoUsoCoreWorker.exe
GET
200
23.200.189.225:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
5380
svchost.exe
GET
200
23.200.189.225:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
4856
RUXIMICS.exe
GET
200
23.200.189.225:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
POST
200
52.182.143.209:443
https://self.events.data.microsoft.com/OneCollector/1.0/
unknown
binary
9 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
239.255.255.250:1900
unknown
5380
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4856
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5140
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5380
svchost.exe
2.18.121.212:80
crl.microsoft.com
AKAMAI-AS
FR
unknown
4856
RUXIMICS.exe
2.18.121.212:80
crl.microsoft.com
AKAMAI-AS
FR
unknown
5140
MoUsoCoreWorker.exe
2.18.121.212:80
crl.microsoft.com
AKAMAI-AS
FR
unknown
5140
MoUsoCoreWorker.exe
23.200.189.225:80
www.microsoft.com
Moratelindo Internet Exchange Point
ID
unknown
4856
RUXIMICS.exe
23.200.189.225:80
www.microsoft.com
Moratelindo Internet Exchange Point
ID
unknown
5380
svchost.exe
23.200.189.225:80
www.microsoft.com
Moratelindo Internet Exchange Point
ID
unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.18.121.212
  • 2.18.121.151
  • 2.18.121.146
  • 2.18.121.134
  • 2.18.121.147
  • 2.18.121.153
whitelisted
www.microsoft.com
  • 23.200.189.225
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
watson.events.data.microsoft.com
  • 52.168.117.173
  • 20.42.65.92
  • 20.189.173.20
  • 20.42.73.29
whitelisted
self.events.data.microsoft.com
  • 20.42.73.31
whitelisted

Threats

No threats detected
No debug info