darkcomet | b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16

Analysis

max time kernel
153s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
Size

1.3MB
MD5

4dd4a5c74034498434724debef376a54
SHA1

0b9cf9f9bbfba22571b26ec10503b1dad414e911
SHA256

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16
SHA512

ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf
SSDEEP

24576:A0lbTbMMwHinuNNd+AK9yB5RMTJ7g0FQ1oSic0:ZlTYMwHAh9yOTw

Score

10^/10

darkcomet victim evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Victim

camohomopopper.no-ip.biz:55152

camohomohopper.no-ip.biz:55151

Mutex

DC_MUTEX-FY6YKFW

Attributes

gencode
mfXATs7kpnnT
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 3 IoCs

Processes:

IpOverUsbSvrc.exeAcctres.exeIpOverUsbSvrc.exe

pid process

1616 IpOverUsbSvrc.exe
624 Acctres.exe
1244 IpOverUsbSvrc.exe
Sets file to hidden 1 TTPs 9 IoCs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1158

Processes:

attrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exe

pid process

1516 attrib.exe
1884 attrib.exe
904 attrib.exe
2036 attrib.exe
240 attrib.exe
1092 attrib.exe
1852 attrib.exe
1660 attrib.exe
1440 attrib.exe
Loads dropped DLL 2 IoCs

Processes:

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exeIpOverUsbSvrc.exe

pid process

1720 b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616 IpOverUsbSvrc.exe
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

pid	process
1616	IpOverUsbSvrc.exe
624	Acctres.exe
1244	IpOverUsbSvrc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

IpOverUsbSvrc.exeIpOverUsbSvrc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\Multimedia Class Scheduler = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\IpOverUsbSvrc.exe"	IpOverUsbSvrc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\Multimedia Class Scheduler = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\IpOverUsbSvrc.exe"	IpOverUsbSvrc.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exeAcctres.exe

description	pid	process	target process
PID 1720 set thread context of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 624 set thread context of 2004	624	Acctres.exe	vbc.exe
PID 624 set thread context of 760	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1364	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2044	624	Acctres.exe	vbc.exe
PID 624 set thread context of 928	624	Acctres.exe	vbc.exe
PID 624 set thread context of 268	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1264	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1692	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1360	624	Acctres.exe	vbc.exe
PID 624 set thread context of 676	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1508	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1544	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1172	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1160	624	Acctres.exe	vbc.exe
PID 624 set thread context of 372	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1048	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2032	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1312	624	Acctres.exe	vbc.exe
PID 624 set thread context of 912	624	Acctres.exe	vbc.exe
PID 624 set thread context of 980	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1356	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1060	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1724	624	Acctres.exe	vbc.exe
PID 624 set thread context of 540	624	Acctres.exe	vbc.exe
PID 624 set thread context of 368	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1216	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1080	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1668	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1368	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1596	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1960	624	Acctres.exe	vbc.exe
PID 624 set thread context of 556	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2036	624	Acctres.exe	vbc.exe
PID 624 set thread context of 800	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1684	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1524	624	Acctres.exe	vbc.exe
PID 624 set thread context of 876	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1788	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1584	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1816	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1784	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1976	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1588	624	Acctres.exe	vbc.exe
PID 624 set thread context of 1672	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2128	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2220	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2312	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2404	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2496	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2588	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2680	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2772	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2864	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2956	624	Acctres.exe	vbc.exe
PID 624 set thread context of 3048	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2108	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2208	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2324	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2420	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2520	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2620	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2676	624	Acctres.exe	vbc.exe
PID 624 set thread context of 2820	624	Acctres.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs ping.exe 1 TTPs 8 IoCs

Remote System Discovery
T1018

Processes:

PING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXE

pid process

1316 PING.EXE
1816 PING.EXE
676 PING.EXE
1964 PING.EXE
1680 PING.EXE
1784 PING.EXE
788 PING.EXE
1940 PING.EXE

pid	process
1316	PING.EXE
1816	PING.EXE
676	PING.EXE
1964	PING.EXE
1680	PING.EXE
1784	PING.EXE
788	PING.EXE
1940	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exeIpOverUsbSvrc.exeAcctres.exe

pid	process
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1616	IpOverUsbSvrc.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
624	Acctres.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exeWMIC.exevbc.exe

description	pid	process
Token: SeDebugPrivilege	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
Token: SeIncreaseQuotaPrivilege	1268	WMIC.exe
Token: SeSecurityPrivilege	1268	WMIC.exe
Token: SeTakeOwnershipPrivilege	1268	WMIC.exe
Token: SeLoadDriverPrivilege	1268	WMIC.exe
Token: SeSystemProfilePrivilege	1268	WMIC.exe
Token: SeSystemtimePrivilege	1268	WMIC.exe
Token: SeProfSingleProcessPrivilege	1268	WMIC.exe
Token: SeIncBasePriorityPrivilege	1268	WMIC.exe
Token: SeCreatePagefilePrivilege	1268	WMIC.exe
Token: SeBackupPrivilege	1268	WMIC.exe
Token: SeRestorePrivilege	1268	WMIC.exe
Token: SeShutdownPrivilege	1268	WMIC.exe
Token: SeDebugPrivilege	1268	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1268	WMIC.exe
Token: SeRemoteShutdownPrivilege	1268	WMIC.exe
Token: SeUndockPrivilege	1268	WMIC.exe
Token: SeManageVolumePrivilege	1268	WMIC.exe
Token: 33	1268	WMIC.exe
Token: 34	1268	WMIC.exe
Token: 35	1268	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1752	vbc.exe
Token: SeSecurityPrivilege	1752	vbc.exe
Token: SeTakeOwnershipPrivilege	1752	vbc.exe
Token: SeLoadDriverPrivilege	1752	vbc.exe
Token: SeSystemProfilePrivilege	1752	vbc.exe
Token: SeSystemtimePrivilege	1752	vbc.exe
Token: SeProfSingleProcessPrivilege	1752	vbc.exe
Token: SeIncBasePriorityPrivilege	1752	vbc.exe
Token: SeCreatePagefilePrivilege	1752	vbc.exe
Token: SeBackupPrivilege	1752	vbc.exe
Token: SeRestorePrivilege	1752	vbc.exe
Token: SeShutdownPrivilege	1752	vbc.exe
Token: SeDebugPrivilege	1752	vbc.exe
Token: SeSystemEnvironmentPrivilege	1752	vbc.exe
Token: SeChangeNotifyPrivilege	1752	vbc.exe
Token: SeRemoteShutdownPrivilege	1752	vbc.exe
Token: SeUndockPrivilege	1752	vbc.exe
Token: SeManageVolumePrivilege	1752	vbc.exe
Token: SeImpersonatePrivilege	1752	vbc.exe
Token: SeCreateGlobalPrivilege	1752	vbc.exe
Token: 33	1752	vbc.exe
Token: 34	1752	vbc.exe
Token: 35	1752	vbc.exe
Token: SeIncreaseQuotaPrivilege	1268	WMIC.exe
Token: SeSecurityPrivilege	1268	WMIC.exe
Token: SeTakeOwnershipPrivilege	1268	WMIC.exe
Token: SeLoadDriverPrivilege	1268	WMIC.exe
Token: SeSystemProfilePrivilege	1268	WMIC.exe
Token: SeSystemtimePrivilege	1268	WMIC.exe
Token: SeProfSingleProcessPrivilege	1268	WMIC.exe
Token: SeIncBasePriorityPrivilege	1268	WMIC.exe
Token: SeCreatePagefilePrivilege	1268	WMIC.exe
Token: SeBackupPrivilege	1268	WMIC.exe
Token: SeRestorePrivilege	1268	WMIC.exe
Token: SeShutdownPrivilege	1268	WMIC.exe
Token: SeDebugPrivilege	1268	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1268	WMIC.exe
Token: SeRemoteShutdownPrivilege	1268	WMIC.exe
Token: SeUndockPrivilege	1268	WMIC.exe
Token: SeManageVolumePrivilege	1268	WMIC.exe
Token: 33	1268	WMIC.exe
Token: 34	1268	WMIC.exe
Token: 35	1268	WMIC.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vbc.exe

pid process

1752 vbc.exe

pid	process
1752	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.execmd.exe

description	pid	process	target process
PID 1720 wrote to memory of 1764	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	cmd.exe
PID 1720 wrote to memory of 1764	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	cmd.exe
PID 1720 wrote to memory of 1764	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	cmd.exe
PID 1720 wrote to memory of 1764	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	cmd.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 240	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 240	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 240	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 240	1764	cmd.exe	attrib.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 1516	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1516	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1516	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1516	1764	cmd.exe	attrib.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 1884	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1884	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1884	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1884	1764	cmd.exe	attrib.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 1092	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1092	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1092	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1092	1764	cmd.exe	attrib.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 1852	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1852	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1852	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1852	1764	cmd.exe	attrib.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1720 wrote to memory of 1752	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	vbc.exe
PID 1764 wrote to memory of 1004	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1004	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1004	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1004	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1268	1764	cmd.exe	WMIC.exe
PID 1764 wrote to memory of 1268	1764	cmd.exe	WMIC.exe
PID 1764 wrote to memory of 1268	1764	cmd.exe	WMIC.exe
PID 1764 wrote to memory of 1268	1764	cmd.exe	WMIC.exe
PID 1764 wrote to memory of 1264	1764	cmd.exe	find.exe
PID 1764 wrote to memory of 1264	1764	cmd.exe	find.exe
PID 1764 wrote to memory of 1264	1764	cmd.exe	find.exe
PID 1764 wrote to memory of 1264	1764	cmd.exe	find.exe
PID 1720 wrote to memory of 1616	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	IpOverUsbSvrc.exe
PID 1720 wrote to memory of 1616	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	IpOverUsbSvrc.exe
PID 1720 wrote to memory of 1616	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	IpOverUsbSvrc.exe
PID 1720 wrote to memory of 1616	1720	b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe	IpOverUsbSvrc.exe
PID 1764 wrote to memory of 904	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 904	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 904	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 904	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 540	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 540	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 540	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 540	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1872	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1872	1764	cmd.exe	attrib.exe
PID 1764 wrote to memory of 1872	1764	cmd.exe	attrib.exe

Views/modifies file attributes 1 TTPs 13 IoCs

evasion

Hidden Files and Directories

T1158

Processes:

attrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exeattrib.exe

pid	process
1516	attrib.exe
1092	attrib.exe
1528	attrib.exe
1004	attrib.exe
904	attrib.exe
540	attrib.exe
1872	attrib.exe
1660	attrib.exe
240	attrib.exe
1884	attrib.exe
1852	attrib.exe
2036	attrib.exe
1440	attrib.exe

C:\Users\Admin\AppData\Local\Temp\b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe
"C:\Users\Admin\AppData\Local\Temp\b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\A9823473.bat" "
2⤵
- Suspicious use of WriteProcessMemory
PID:1764

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Roaming\A9823473.bat +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:240

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1516

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1884

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1092

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Roaming\dclogs +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1852

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\check.txt -s -h
3⤵
- Views/modifies file attributes
PID:1004

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic process where name="cmd.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1268

C:\Windows\SysWOW64\find.exe
find "cmd" /c
3⤵
PID:1264

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\check.txt +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:904

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\74658463.vbs -s -h
3⤵
- Views/modifies file attributes
PID:540

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\982365827.vbs -s -h
3⤵
- Views/modifies file attributes
PID:1872

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\749465939.vbs -s -h
3⤵
- Views/modifies file attributes
PID:1528

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\74658463.vbs"
3⤵
PID:1812

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\74658463.vbs +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1660

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\982365827.vbs +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:2036

C:\Windows\SysWOW64\attrib.exe
attrib C:\Users\Admin\AppData\Local\Temp\749465939.vbs +s +h
3⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1440

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 15 -w 1000
3⤵
- Runs ping.exe
PID:1316

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:1816

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:676

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:1964

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:1680

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:1784

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 4 -w 1000
3⤵
- Runs ping.exe
PID:788

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 5 -w 1000
3⤵
- Runs ping.exe
PID:1940

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:1616

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:624

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2004

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:760

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1364

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2044

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:928

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:268

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1264

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1692

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1360

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:676

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1508

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1544

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1172

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1160

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:372

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1048

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2032

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1312

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:912

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:980

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1356

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1060

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1724

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:540

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:368

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1216

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1080

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1668

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1368

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1960

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:556

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2036

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:800

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1684

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1524

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:876

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1584

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1784

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1976

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1588

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1672

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2128

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2220

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2312

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2404

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2496

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2588

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2680

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2772

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2864

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2956

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3048

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2108

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2208

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2324

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2420

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2520

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2620

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2676

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2820

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2920

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3016

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2088

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2200

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2432

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2540

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2652

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2780

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2888

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2992

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2072

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2172

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2264

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2508

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2632

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1004

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2848

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2972

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2056

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:288

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2276

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2392

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2492

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2660

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2788

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2904

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3056

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2124

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2216

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2368

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2528

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2664

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2760

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2916

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1276

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2164

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2296

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2428

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2596

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2880

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2152

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2376

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2568

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2716

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2872

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3008

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2160

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2272

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2456

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2640

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2980

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2140

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1700

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2448

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2688

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2816

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3060

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2180

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2348

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2556

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2968

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:948

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2352

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2580

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2812

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2052

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2204

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2416

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2944

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2144

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2412

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2700

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2936

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1956

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2468

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1288

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1756

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2300

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1944

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2940

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2260

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2524

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2876

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2244

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2616

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3000

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2360

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2800

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2712

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2084

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2504

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1608

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2488

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2104

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1460

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2892

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2480

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2184

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3044

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2828

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2728

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2548

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2856

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3012

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2116

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2444

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2900

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2400

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:544

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2476

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3156

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3248

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3340

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3432

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3524

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3616

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3708

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3800

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3892

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3984

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4080

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3148

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3260

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3356

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3456

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3556

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3656

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3756

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3860

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3952

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4056

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3132

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3240

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3364

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3472

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3576

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3688

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3808

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3916

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4020

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3104

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3224

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3348

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3480

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3596

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3716

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3836

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3956

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4068

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3180

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3304

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3440

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3572

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3704

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3848

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3976

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3088

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3212

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3376

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3512

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3652

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3788

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3932

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4092

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3208

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3388

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3520

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3684

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3876

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4016

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3172

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3324

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3500

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3664

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3880

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4044

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3200

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3404

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3584

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3776

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4000

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3144

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3380

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3564

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3764

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4008

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3236

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3420

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3640

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3912

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3096

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3312

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3592

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3868

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2120

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3296

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3548

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3908

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3108

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3400

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3700

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1532

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3288

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:1836

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3924

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3168

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3496

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3904

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3268

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3624

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4004

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3328

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3748

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3184

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3648

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2040

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3632

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4076

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3536

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3128

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3736

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3332

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3996

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3732

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3416

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3232

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4012

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3944

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:296

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4052

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3292

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3488

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3112

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3832

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3308

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3852

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3508

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:3468

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4172

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4264

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4356

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4448

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4540

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4632

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4724

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4816

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4912

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5004

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5096

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4160

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4260

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4372

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4468

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4568

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4668

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4772

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4868

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4968

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5068

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4140

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4248

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4364

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4476

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4592

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4692

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4804

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4920

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5028

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4104

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4220

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4336

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4460

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4584

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4708

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4828

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4948

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5064

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4168

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4296

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4424

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4548

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4684

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4824

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:2024

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5080

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4204

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4332

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4492

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4624

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4760

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4900

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5048

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4188

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4316

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4508

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4652

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4800

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4972

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4100

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4276

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4432

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4612

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4780

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4964

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4112

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4292

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4496

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4696

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4876

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5056

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4236

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4428

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4648

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4864

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:5076

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4244

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4516

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4732

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4940

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4132

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4400

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4640

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
4⤵
PID:4904

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\74658463.vbs
Filesize
406B

MD5
89003d310490411cda7137d2759272ea

SHA1
c64d76a6e3bb32008a8fd13ba3b40da95a87eac1

SHA256
08ac0c196ca9bbd3e1790916b873391e58b644ffe260c8b7502dbc46b23420ec

SHA512
dc13671a3d04ec48fea7869b74caa267a1a53ff455015be403b69cf247569fb2955b9a92427ded90e5ab6efa935a1fc04dc6f6345cd20cd1c53a6f371ea29959

Download Submit
C:\Users\Admin\AppData\Local\Temp\749465939.vbs
Filesize
82B

MD5
2fa700a503431c22ab8b7fb8741b5866

SHA1
9a2d4b762940627623b2559332334ac01c93b306

SHA256
07f1a23f7fc5f8bdc865fd782d7c9d520f21e665fb797f4158fc42614f67acf1

SHA512
38fe63abc2371d8668063bff9134239b3f7be3d1ee307160294fd38642c5448a86749c65c034b90667599aae8ad17ac65a8151bf55ea7cf25385884c0acb44ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\982365827.vbs
Filesize
86B

MD5
b5e28c9e2c8fe8e090dff1d681b16879

SHA1
ad276939f9297392e9200f1a489dc01f984c407f

SHA256
94c9858b6251e0d1c915fecaa70ba499e885f7c5a40a39209abf7d4a54384663

SHA512
0e3bb85e98bf40714fc591c2041a302132fc1ecc613255ed339ab9f71757ef224cced54787f6ed35ea04912f49c14a81921c558fd19257a8a150e72da15cb324

Download Submit
C:\Users\Admin\AppData\Local\Temp\check.txt
Filesize
3B

MD5
a5ea0ad9260b1550a14cc58d2c39b03d

SHA1
f0aedf295071ed34ab8c6a7692223d22b6a19841

SHA256
f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04

SHA512
7c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74

Download Submit
C:\Users\Admin\AppData\Roaming\A9823473.bat
Filesize
22KB

MD5
bce1a7643388c6d1d3b9159fcf6896ee

SHA1
0959b30b456f496ce56a91dcd95dcd0d2771093a

SHA256
ae532b2f76cc7874135a6551d7e2f4ef80bce1225380f51b7f71f0c58c3c2f05

SHA512
0fadcc4f24b4cc2cfe59bf58c809448f0516a3459e584e6e87ca4059601f10ff3d7cd7ccb8d093c495716c9491bd821d58dd35dfe60dd7685eb49341e27c3952

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
Filesize
1.3MB

MD5
4dd4a5c74034498434724debef376a54

SHA1
0b9cf9f9bbfba22571b26ec10503b1dad414e911

SHA256
b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16

SHA512
ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
Filesize
1.3MB

MD5
4dd4a5c74034498434724debef376a54

SHA1
0b9cf9f9bbfba22571b26ec10503b1dad414e911

SHA256
b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16

SHA512
ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
Filesize
17KB

MD5
fd03ff313a655e0b59dce81044bc6341

SHA1
0fa0dc26876f636956c3de82685bdbbc8ad3ef86

SHA256
1f1c8c1458eaee47a448513db52ddb536406146d48793c3c24f41eb72b13cec9

SHA512
00fdf54987cb8abd0c68619e02991aeb50e5509ea56b0e5fa613ac29fddcc57c585cd0e5be055cb5c6563828b6a631666fe6e7004dada7607ddd903659264ddd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
Filesize
17KB

MD5
fd03ff313a655e0b59dce81044bc6341

SHA1
0fa0dc26876f636956c3de82685bdbbc8ad3ef86

SHA256
1f1c8c1458eaee47a448513db52ddb536406146d48793c3c24f41eb72b13cec9

SHA512
00fdf54987cb8abd0c68619e02991aeb50e5509ea56b0e5fa613ac29fddcc57c585cd0e5be055cb5c6563828b6a631666fe6e7004dada7607ddd903659264ddd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
Filesize
17KB

MD5
fd03ff313a655e0b59dce81044bc6341

SHA1
0fa0dc26876f636956c3de82685bdbbc8ad3ef86

SHA256
1f1c8c1458eaee47a448513db52ddb536406146d48793c3c24f41eb72b13cec9

SHA512
00fdf54987cb8abd0c68619e02991aeb50e5509ea56b0e5fa613ac29fddcc57c585cd0e5be055cb5c6563828b6a631666fe6e7004dada7607ddd903659264ddd

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
Filesize
1.3MB

MD5
4dd4a5c74034498434724debef376a54

SHA1
0b9cf9f9bbfba22571b26ec10503b1dad414e911

SHA256
b04764c4e8226972d49e934be8be0e50b533fb9d86b5f56fc4132c614c9bcd16

SHA512
ced8c5af216e0dc95b126188cdc22447de0a9b23d31970292e784218d1b7eed2b7fda075dbd5d98d7cbc711c44b8487a1e6307c4ef15dfecc646f6ebc77629cf

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\IpOverUsbSvrc.exe
Filesize
17KB

MD5
fd03ff313a655e0b59dce81044bc6341

SHA1
0fa0dc26876f636956c3de82685bdbbc8ad3ef86

SHA256
1f1c8c1458eaee47a448513db52ddb536406146d48793c3c24f41eb72b13cec9

SHA512
00fdf54987cb8abd0c68619e02991aeb50e5509ea56b0e5fa613ac29fddcc57c585cd0e5be055cb5c6563828b6a631666fe6e7004dada7607ddd903659264ddd

Download Submit
memory/240-60-0x0000000000000000-mapping.dmp

Download
memory/268-242-0x000000000048F888-mapping.dmp

Download
memory/268-246-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/368-623-0x000000000048F888-mapping.dmp

Download
memory/368-627-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/372-422-0x000000000048F888-mapping.dmp

Download
memory/372-426-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/540-607-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/540-95-0x0000000000000000-mapping.dmp

Download
memory/540-603-0x000000000048F888-mapping.dmp

Download
memory/556-768-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/556-764-0x000000000048F888-mapping.dmp

Download
memory/624-112-0x0000000000000000-mapping.dmp

Download
memory/624-115-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/624-119-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/676-322-0x000000000048F888-mapping.dmp

Download
memory/676-326-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/676-117-0x0000000000000000-mapping.dmp

Download
memory/760-161-0x000000000048F888-mapping.dmp

Download
memory/760-165-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/788-546-0x0000000000000000-mapping.dmp

Download
memory/800-808-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/800-804-0x000000000048F888-mapping.dmp

Download
memory/876-867-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/904-93-0x0000000000000000-mapping.dmp

Download
memory/912-506-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/912-502-0x000000000048F888-mapping.dmp

Download
memory/928-225-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/928-221-0x000000000048F888-mapping.dmp

Download
memory/980-522-0x000000000048F888-mapping.dmp

Download
memory/980-526-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1004-82-0x0000000000000000-mapping.dmp

Download
memory/1048-442-0x000000000048F888-mapping.dmp

Download
memory/1048-446-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1060-567-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1060-563-0x000000000048F888-mapping.dmp

Download
memory/1080-667-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1080-663-0x000000000048F888-mapping.dmp

Download
memory/1092-73-0x0000000000000000-mapping.dmp

Download
memory/1160-406-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1160-402-0x000000000048F888-mapping.dmp

Download
memory/1172-386-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1172-382-0x000000000048F888-mapping.dmp

Download
memory/1216-647-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1216-643-0x000000000048F888-mapping.dmp

Download
memory/1244-122-0x0000000000000000-mapping.dmp

Download
memory/1244-125-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1264-266-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1264-86-0x0000000000000000-mapping.dmp

Download
memory/1264-262-0x000000000048F888-mapping.dmp

Download
memory/1268-85-0x0000000000000000-mapping.dmp

Download
memory/1312-486-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1312-482-0x000000000048F888-mapping.dmp

Download
memory/1316-108-0x0000000000000000-mapping.dmp

Download
memory/1356-542-0x000000000048F888-mapping.dmp

Download
memory/1356-547-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1360-302-0x000000000048F888-mapping.dmp

Download
memory/1360-306-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1364-181-0x000000000048F888-mapping.dmp

Download
memory/1364-185-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1368-707-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1368-708-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1368-703-0x000000000048F888-mapping.dmp

Download
memory/1440-106-0x0000000000000000-mapping.dmp

Download
memory/1508-346-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1508-342-0x000000000048F888-mapping.dmp

Download
memory/1516-64-0x0000000000000000-mapping.dmp

Download
memory/1524-848-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1524-844-0x000000000048F888-mapping.dmp

Download
memory/1528-98-0x0000000000000000-mapping.dmp

Download
memory/1544-362-0x000000000048F888-mapping.dmp

Download
memory/1544-366-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1584-905-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1588-981-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1596-728-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1596-724-0x000000000048F888-mapping.dmp

Download
memory/1616-110-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1616-96-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1616-89-0x0000000000000000-mapping.dmp

Download
memory/1616-121-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1660-101-0x0000000000000000-mapping.dmp

Download
memory/1668-687-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1668-683-0x000000000048F888-mapping.dmp

Download
memory/1672-1000-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1680-120-0x0000000000000000-mapping.dmp

Download
memory/1684-828-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1684-824-0x000000000048F888-mapping.dmp

Download
memory/1692-282-0x000000000048F888-mapping.dmp

Download
memory/1692-286-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1720-56-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1720-55-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download
memory/1720-54-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download
memory/1724-583-0x000000000048F888-mapping.dmp

Download
memory/1724-587-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-74-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-81-0x000000000048F888-mapping.dmp

Download
memory/1752-109-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-63-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-61-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-66-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-92-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-87-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-80-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-58-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-76-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-72-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-83-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1752-70-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1764-57-0x0000000000000000-mapping.dmp

Download
memory/1784-943-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1784-228-0x0000000000000000-mapping.dmp

Download
memory/1788-886-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1812-100-0x0000000000000000-mapping.dmp

Download
memory/1816-924-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1816-116-0x0000000000000000-mapping.dmp

Download
memory/1852-78-0x0000000000000000-mapping.dmp

Download
memory/1872-97-0x0000000000000000-mapping.dmp

Download
memory/1884-68-0x0000000000000000-mapping.dmp

Download
memory/1960-748-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1960-744-0x000000000048F888-mapping.dmp

Download
memory/1964-118-0x0000000000000000-mapping.dmp

Download
memory/1976-962-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2004-141-0x000000000048F888-mapping.dmp

Download
memory/2004-145-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2032-466-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2032-462-0x000000000048F888-mapping.dmp

Download
memory/2036-788-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2036-103-0x0000000000000000-mapping.dmp

Download
memory/2036-784-0x000000000048F888-mapping.dmp

Download
memory/2044-205-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2044-201-0x000000000048F888-mapping.dmp

Download
memory/2128-1019-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2220-1038-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2312-1057-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2404-1076-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2496-1095-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2588-1114-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2680-1133-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2772-1152-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/2864-1171-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download