a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec

Analysis

max time kernel
171s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Size

602KB
MD5

2f32e20d4785dea1a2133f549870984f
SHA1

e5cb50dd4eebfe13817f8ede54609141287ff591
SHA256

a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec
SHA512

d728f7b1c525f6798b9d7e4e500f082e253badfa99940a11d3d49e523384276a6336b763714840ae4b07cf077e14167bd10746058ad4d99192d5de4c98855a08
SSDEEP

12288:3AGFRlwXdvLaZqA15h+xdZ4Ts0njQrbuOC8f4+GOOrU/PU6MZ7rn:AvL6qA17EZD0kHumLOA/PUT7T

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe

description	ioc	process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

description	pid	process
Token: SeDebugPrivilege	2300	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2300	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2300	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	1860	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	1860	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	1860	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	1004	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	1004	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	1004	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	1564	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	1564	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	1564	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	1824	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	1824	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	1824	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	4828	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	4828	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	4828	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2760	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2760	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2760	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	4688	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	4688	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	4688	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2492	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2492	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2492	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2192	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2192	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2192	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2712	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2712	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2712	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2076	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2076	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2076	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2264	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2264	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2264	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	360	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	360	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	360	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	2600	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	2600	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	2600	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	4152	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	4152	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	4152	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	4912	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	4912	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	4912	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	3204	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	3204	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	3204	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	972	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	972	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	972	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	4064	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	4064	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	4064	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	3304	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: 33	3304	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeIncBasePriorityPrivilege	3304	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
Token: SeDebugPrivilege	1472	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exea480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
"C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2300

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
2⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1860

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
3⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1004

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1564

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
5⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1824

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
6⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4828

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
7⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
8⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4688

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
9⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2492

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
10⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
11⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
13⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
14⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:360

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
15⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
16⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4152

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
17⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4912

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
18⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3204

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
19⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:972

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
20⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4064

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
21⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3304

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
22⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1472

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
23⤵
- Suspicious use of WriteProcessMemory
PID:5020

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
24⤵
- Suspicious use of WriteProcessMemory
PID:4248

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
25⤵
- Suspicious use of WriteProcessMemory
PID:3628

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
26⤵
- Suspicious use of WriteProcessMemory
PID:4320

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
27⤵
- Suspicious use of WriteProcessMemory
PID:1352

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
28⤵
- Suspicious use of WriteProcessMemory
PID:4336

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
29⤵
- Suspicious use of WriteProcessMemory
PID:3604

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
30⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
31⤵
- Suspicious use of WriteProcessMemory
PID:4236

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
32⤵
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
33⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
34⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
35⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
36⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
37⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
38⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
39⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
40⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
41⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
42⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
43⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
44⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
45⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
46⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
47⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
48⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
49⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
50⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
51⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
52⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
53⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
54⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
55⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
56⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
57⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
58⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
59⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
60⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
61⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
62⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
63⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
64⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
65⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
66⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
67⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
68⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
69⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
70⤵
PID:724

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
71⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
72⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
C:\Users\Admin\AppData\Local\Temp\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
73⤵
PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe.log
Filesize
493B

MD5
24a5aa19a470a73157ff2070f87f5318

SHA1
4a00ea888e875b0d7d908981f83e70831555b212

SHA256
f1b67b7f443b689aba972849e7e01ff27bbf1fadbdde1e522622e3043b593fdc

SHA512
66f49e247cc3a77bbc734a2cf542f1e4179e0b9c4be0719222ce84d08b53485fa8ee9396904665e3f99b5d554240b65d01d09499479f0a877dafb965e91ed183

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
Filesize
514B

MD5
072984a2519f1a5ad8802d289002f191

SHA1
44b0a54e7b94d8b5eef9439c19b61a1b8eb198fa

SHA256
8df09764d13d142d8a164932a750b9b28904edc4ef2feb4426600d810fdbacaf

SHA512
e574fb851420b3f56a136f7f315fe4d5919aa5a741de0555189322cdef33fe50a75b3ef21a951de2219f1aa0386f0b1232e2094f3f024c8a87ed755d359ecac0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch
Filesize
514B

MD5
072984a2519f1a5ad8802d289002f191

SHA1
44b0a54e7b94d8b5eef9439c19b61a1b8eb198fa

SHA256
8df09764d13d142d8a164932a750b9b28904edc4ef2feb4426600d810fdbacaf

SHA512
e574fb851420b3f56a136f7f315fe4d5919aa5a741de0555189322cdef33fe50a75b3ef21a951de2219f1aa0386f0b1232e2094f3f024c8a87ed755d359ecac0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch
Filesize
514B

MD5
072984a2519f1a5ad8802d289002f191

SHA1
44b0a54e7b94d8b5eef9439c19b61a1b8eb198fa

SHA256
8df09764d13d142d8a164932a750b9b28904edc4ef2feb4426600d810fdbacaf

SHA512
e574fb851420b3f56a136f7f315fe4d5919aa5a741de0555189322cdef33fe50a75b3ef21a951de2219f1aa0386f0b1232e2094f3f024c8a87ed755d359ecac0

Download Submit
memory/220-255-0x0000000000000000-mapping.dmp

Download
memory/220-256-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/360-161-0x0000000000000000-mapping.dmp

Download
memory/360-162-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/940-220-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/940-219-0x0000000000000000-mapping.dmp

Download
memory/972-172-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/972-171-0x0000000000000000-mapping.dmp

Download
memory/1004-137-0x00007FFF2AC90000-0x00007FFF2B6C6000-memory.dmp

Filesize
10.2MB

Download
memory/1004-136-0x0000000000000000-mapping.dmp

Download
memory/1216-215-0x0000000000000000-mapping.dmp

Download
memory/1216-216-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1352-188-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1352-187-0x0000000000000000-mapping.dmp

Download
memory/1472-177-0x0000000000000000-mapping.dmp

Download
memory/1472-178-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1504-221-0x0000000000000000-mapping.dmp

Download
memory/1504-222-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1564-142-0x00007FFF2AC90000-0x00007FFF2B6C6000-memory.dmp

Filesize
10.2MB

Download
memory/1564-138-0x0000000000000000-mapping.dmp

Download
memory/1568-240-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1568-239-0x0000000000000000-mapping.dmp

Download
memory/1672-194-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1672-193-0x0000000000000000-mapping.dmp

Download
memory/1824-144-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1824-143-0x0000000000000000-mapping.dmp

Download
memory/1860-135-0x00007FFF2AC90000-0x00007FFF2B6C6000-memory.dmp

Filesize
10.2MB

Download
memory/1860-133-0x0000000000000000-mapping.dmp

Download
memory/1884-247-0x0000000000000000-mapping.dmp

Download
memory/1884-248-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/1968-259-0x0000000000000000-mapping.dmp

Download
memory/1968-260-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2076-157-0x0000000000000000-mapping.dmp

Download
memory/2076-158-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2080-246-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2080-245-0x0000000000000000-mapping.dmp

Download
memory/2192-153-0x0000000000000000-mapping.dmp

Download
memory/2192-154-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2264-160-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2264-159-0x0000000000000000-mapping.dmp

Download
memory/2300-132-0x00007FFF2AC90000-0x00007FFF2B6C6000-memory.dmp

Filesize
10.2MB

Download
memory/2352-238-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2352-237-0x0000000000000000-mapping.dmp

Download
memory/2492-210-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2492-209-0x0000000000000000-mapping.dmp

Download
memory/2492-151-0x0000000000000000-mapping.dmp

Download
memory/2492-152-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2600-163-0x0000000000000000-mapping.dmp

Download
memory/2600-164-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2712-155-0x0000000000000000-mapping.dmp

Download
memory/2712-156-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2760-148-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/2760-147-0x0000000000000000-mapping.dmp

Download
memory/3032-198-0x00007FFF29420000-0x00007FFF29E56000-memory.dmp

Filesize
10.2MB

Download
memory/3032-197-0x0000000000000000-mapping.dmp

Download
memory/3068-263-0x0000000000000000-mapping.dmp

Download
memory/3180-217-0x0000000000000000-mapping.dmp

Download
memory/3180-218-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3204-169-0x0000000000000000-mapping.dmp

Download
memory/3204-170-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3304-175-0x0000000000000000-mapping.dmp

Download
memory/3304-176-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3380-257-0x0000000000000000-mapping.dmp

Download
memory/3380-258-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3404-250-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3404-249-0x0000000000000000-mapping.dmp

Download
memory/3436-201-0x0000000000000000-mapping.dmp

Download
memory/3436-202-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3460-234-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3460-233-0x0000000000000000-mapping.dmp

Download
memory/3492-207-0x0000000000000000-mapping.dmp

Download
memory/3492-208-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3604-192-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3604-191-0x0000000000000000-mapping.dmp

Download
memory/3628-184-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3628-183-0x0000000000000000-mapping.dmp

Download
memory/3656-242-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/3656-241-0x0000000000000000-mapping.dmp

Download
memory/3816-243-0x0000000000000000-mapping.dmp

Download
memory/3816-244-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4064-174-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4064-173-0x0000000000000000-mapping.dmp

Download
memory/4152-165-0x0000000000000000-mapping.dmp

Download
memory/4152-166-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4212-200-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4212-199-0x0000000000000000-mapping.dmp

Download
memory/4236-196-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4236-195-0x0000000000000000-mapping.dmp

Download
memory/4248-181-0x0000000000000000-mapping.dmp

Download
memory/4248-182-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4280-261-0x0000000000000000-mapping.dmp

Download
memory/4280-262-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4292-227-0x0000000000000000-mapping.dmp

Download
memory/4292-228-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4320-185-0x0000000000000000-mapping.dmp

Download
memory/4320-186-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4336-189-0x0000000000000000-mapping.dmp

Download
memory/4336-190-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4344-253-0x0000000000000000-mapping.dmp

Download
memory/4344-254-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4628-235-0x0000000000000000-mapping.dmp

Download
memory/4628-236-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4648-230-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4648-229-0x0000000000000000-mapping.dmp

Download
memory/4688-149-0x0000000000000000-mapping.dmp

Download
memory/4688-150-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4828-145-0x0000000000000000-mapping.dmp

Download
memory/4828-146-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4868-205-0x0000000000000000-mapping.dmp

Download
memory/4868-206-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4884-223-0x0000000000000000-mapping.dmp

Download
memory/4884-224-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4912-168-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4912-167-0x0000000000000000-mapping.dmp

Download
memory/4916-226-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4916-225-0x0000000000000000-mapping.dmp

Download
memory/4968-213-0x0000000000000000-mapping.dmp

Download
memory/4968-214-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/4984-203-0x0000000000000000-mapping.dmp

Download
memory/4984-204-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/5020-180-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/5020-179-0x0000000000000000-mapping.dmp

Download
memory/5040-231-0x0000000000000000-mapping.dmp

Download
memory/5040-232-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/5060-251-0x0000000000000000-mapping.dmp

Download
memory/5060-252-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/5092-212-0x00007FFF2AE20000-0x00007FFF2B856000-memory.dmp

Filesize
10.2MB

Download
memory/5092-211-0x0000000000000000-mapping.dmp

Download

description	pid	process	target process
PID 2300 wrote to memory of 1860	2300	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2300 wrote to memory of 1860	2300	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1860 wrote to memory of 1004	1860	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1860 wrote to memory of 1004	1860	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1004 wrote to memory of 1564	1004	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1004 wrote to memory of 1564	1004	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1564 wrote to memory of 1824	1564	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1564 wrote to memory of 1824	1564	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1824 wrote to memory of 4828	1824	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1824 wrote to memory of 4828	1824	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4828 wrote to memory of 2760	4828	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4828 wrote to memory of 2760	4828	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2760 wrote to memory of 4688	2760	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2760 wrote to memory of 4688	2760	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4688 wrote to memory of 2492	4688	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4688 wrote to memory of 2492	4688	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2492 wrote to memory of 2192	2492	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2492 wrote to memory of 2192	2492	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2192 wrote to memory of 2712	2192	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2192 wrote to memory of 2712	2192	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2712 wrote to memory of 2076	2712	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2712 wrote to memory of 2076	2712	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2076 wrote to memory of 2264	2076	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2076 wrote to memory of 2264	2076	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2264 wrote to memory of 360	2264	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2264 wrote to memory of 360	2264	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 360 wrote to memory of 2600	360	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 360 wrote to memory of 2600	360	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2600 wrote to memory of 4152	2600	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 2600 wrote to memory of 4152	2600	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4152 wrote to memory of 4912	4152	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4152 wrote to memory of 4912	4152	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4912 wrote to memory of 3204	4912	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4912 wrote to memory of 3204	4912	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3204 wrote to memory of 972	3204	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3204 wrote to memory of 972	3204	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 972 wrote to memory of 4064	972	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 972 wrote to memory of 4064	972	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4064 wrote to memory of 3304	4064	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4064 wrote to memory of 3304	4064	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3304 wrote to memory of 1472	3304	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3304 wrote to memory of 1472	3304	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1472 wrote to memory of 5020	1472	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1472 wrote to memory of 5020	1472	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 5020 wrote to memory of 4248	5020	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 5020 wrote to memory of 4248	5020	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4248 wrote to memory of 3628	4248	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4248 wrote to memory of 3628	4248	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3628 wrote to memory of 4320	3628	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3628 wrote to memory of 4320	3628	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4320 wrote to memory of 1352	4320	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4320 wrote to memory of 1352	4320	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1352 wrote to memory of 4336	1352	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1352 wrote to memory of 4336	1352	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4336 wrote to memory of 3604	4336	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4336 wrote to memory of 3604	4336	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3604 wrote to memory of 1672	3604	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3604 wrote to memory of 1672	3604	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1672 wrote to memory of 4236	1672	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 1672 wrote to memory of 4236	1672	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4236 wrote to memory of 3032	4236	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 4236 wrote to memory of 3032	4236	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3032 wrote to memory of 4212	3032	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe
PID 3032 wrote to memory of 4212	3032	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe	a480a45725ed05e73779e4b91eda7a837c0605e59c1041d41eafec0a42b07eec.exe