Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3db2660d7c...17.exe

windows7-x64

10

3db2660d7c...17.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3db2660d7cffcb682ce00e0bde927517.exe

  • Size

    860KB

  • MD5

    3db2660d7cffcb682ce00e0bde927517

  • SHA1

    91c05b98597758c8f37c84f0addb074457ebee34

  • SHA256

    514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710

  • SHA512

    850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0

  • SSDEEP

    12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 64 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 64 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 64 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Suspicious use of SetThreadContext 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 64 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
    "C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
      2⤵
      • Modifies WinLogon for persistence
      • Checks BIOS information in registry
      • Loads dropped DLL
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Windows\SysWOW64\sys32.exe
        "C:\Windows\system32\sys32.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2572
  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2576
  • C:\Windows\SysWOW64\sys32.exe
    1⤵
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
      2⤵
      • Executes dropped EXE
      PID:2812
    • C:\Windows\SysWOW64\sys32.exe
      "C:\Windows\system32\sys32.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\SysWOW64\sys32.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates system info in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1868
        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
          4⤵
          • Executes dropped EXE
          PID:1476
        • C:\Windows\SysWOW64\sys32.exe
          "C:\Windows\system32\sys32.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2384
  • C:\Windows\SysWOW64\sys32.exe
    1⤵
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:1140
    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
      2⤵
        PID:3048
      • C:\Windows\SysWOW64\sys32.exe
        "C:\Windows\system32\sys32.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        PID:2924
        • C:\Windows\SysWOW64\sys32.exe
          3⤵
          • Modifies WinLogon for persistence
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          PID:2308
          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
            4⤵
            • Executes dropped EXE
            PID:2580
          • C:\Windows\SysWOW64\sys32.exe
            "C:\Windows\system32\sys32.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of SetWindowsHookEx
            PID:2700
    • C:\Windows\SysWOW64\sys32.exe
      1⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:2252
      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
        2⤵
          PID:2852
        • C:\Windows\SysWOW64\sys32.exe
          "C:\Windows\system32\sys32.exe"
          2⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of SetWindowsHookEx
          PID:2968
          • C:\Windows\SysWOW64\sys32.exe
            3⤵
            • Modifies WinLogon for persistence
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Drops file in System32 directory
            • Enumerates system info in registry
            PID:2772
            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
              4⤵
              • Executes dropped EXE
              PID:392
            • C:\Windows\SysWOW64\sys32.exe
              "C:\Windows\system32\sys32.exe"
              4⤵
                PID:328
        • C:\Windows\SysWOW64\sys32.exe
          1⤵
          • Modifies WinLogon for persistence
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in System32 directory
          • Checks processor information in registry
          • Enumerates system info in registry
          PID:1840
          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
            2⤵
              PID:1200
            • C:\Windows\SysWOW64\sys32.exe
              "C:\Windows\system32\sys32.exe"
              2⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of SetWindowsHookEx
              PID:3052
              • C:\Windows\SysWOW64\sys32.exe
                3⤵
                • Modifies WinLogon for persistence
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • Checks processor information in registry
                PID:1664
                • C:\Windows\SysWOW64\sys32.exe
                  "C:\Windows\system32\sys32.exe"
                  4⤵
                    PID:760
                    • C:\Windows\SysWOW64\sys32.exe
                      5⤵
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Adds Run key to start application
                      • Drops file in System32 directory
                      PID:2492
                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                        6⤵
                          PID:1984
                        • C:\Windows\SysWOW64\sys32.exe
                          "C:\Windows\system32\sys32.exe"
                          6⤵
                            PID:2632
                            • C:\Windows\SysWOW64\sys32.exe
                              7⤵
                              • Modifies WinLogon for persistence
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Checks processor information in registry
                              PID:1592
                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                8⤵
                                • Executes dropped EXE
                                PID:2012
                              • C:\Windows\SysWOW64\sys32.exe
                                "C:\Windows\system32\sys32.exe"
                                8⤵
                                  PID:380
                                  • C:\Windows\SysWOW64\sys32.exe
                                    9⤵
                                    • Modifies WinLogon for persistence
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Drops file in System32 directory
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    PID:2260
                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                      10⤵
                                      • Executes dropped EXE
                                      PID:988
                                    • C:\Windows\SysWOW64\sys32.exe
                                      "C:\Windows\system32\sys32.exe"
                                      10⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetThreadContext
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2948
                                      • C:\Windows\SysWOW64\sys32.exe
                                        11⤵
                                        • Modifies WinLogon for persistence
                                        • Checks BIOS information in registry
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Checks processor information in registry
                                        • Enumerates system info in registry
                                        PID:1852
                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                          12⤵
                                            PID:2172
                                          • C:\Windows\SysWOW64\sys32.exe
                                            "C:\Windows\system32\sys32.exe"
                                            12⤵
                                            • Executes dropped EXE
                                            • Suspicious use of SetThreadContext
                                            • Suspicious use of SetWindowsHookEx
                                            PID:2788
                                            • C:\Windows\SysWOW64\sys32.exe
                                              13⤵
                                              • Modifies WinLogon for persistence
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Adds Run key to start application
                                              • Drops file in System32 directory
                                              • Enumerates system info in registry
                                              PID:2564
                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                14⤵
                                                • Executes dropped EXE
                                                PID:2516
                                              • C:\Windows\SysWOW64\sys32.exe
                                                "C:\Windows\system32\sys32.exe"
                                                14⤵
                                                  PID:1984
                                                  • C:\Windows\SysWOW64\sys32.exe
                                                    15⤵
                                                    • Modifies WinLogon for persistence
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Adds Run key to start application
                                                    PID:1532
                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                      16⤵
                                                      • Executes dropped EXE
                                                      PID:3016
                                                    • C:\Windows\SysWOW64\sys32.exe
                                                      "C:\Windows\system32\sys32.exe"
                                                      16⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetThreadContext
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2040
                                                      • C:\Windows\SysWOW64\sys32.exe
                                                        17⤵
                                                        • Modifies WinLogon for persistence
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Drops file in System32 directory
                                                        • Enumerates system info in registry
                                                        PID:2424
                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                          18⤵
                                                          • Executes dropped EXE
                                                          PID:2904
                                                        • C:\Windows\SysWOW64\sys32.exe
                                                          "C:\Windows\system32\sys32.exe"
                                                          18⤵
                                                            PID:328
                                                            • C:\Windows\SysWOW64\sys32.exe
                                                              19⤵
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Drops file in System32 directory
                                                              • Enumerates system info in registry
                                                              PID:2960
                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                20⤵
                                                                • Executes dropped EXE
                                                                PID:3048
                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                "C:\Windows\system32\sys32.exe"
                                                                20⤵
                                                                • Executes dropped EXE
                                                                • Drops file in System32 directory
                                                                • Suspicious use of SetThreadContext
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2600
                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                  21⤵
                                                                  • Modifies WinLogon for persistence
                                                                  • Checks BIOS information in registry
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  • Enumerates system info in registry
                                                                  PID:2320
                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                    22⤵
                                                                    • Executes dropped EXE
                                                                    PID:1960
                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                    "C:\Windows\system32\sys32.exe"
                                                                    22⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of SetThreadContext
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:760
                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                      23⤵
                                                                      • Modifies WinLogon for persistence
                                                                      • Checks BIOS information in registry
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      • Drops file in System32 directory
                                                                      • Enumerates system info in registry
                                                                      PID:2244
                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                        24⤵
                                                                        • Executes dropped EXE
                                                                        PID:2796
                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                        "C:\Windows\system32\sys32.exe"
                                                                        24⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetThreadContext
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2632
                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                          25⤵
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Adds Run key to start application
                                                                          • Enumerates system info in registry
                                                                          PID:2232
                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                            26⤵
                                                                            • Executes dropped EXE
                                                                            PID:2224
                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                            "C:\Windows\system32\sys32.exe"
                                                                            26⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetThreadContext
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2400
                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                              27⤵
                                                                              • Checks BIOS information in registry
                                                                              • Executes dropped EXE
                                                                              • Adds Run key to start application
                                                                              PID:1732
                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                28⤵
                                                                                • Executes dropped EXE
                                                                                PID:3064
                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                "C:\Windows\system32\sys32.exe"
                                                                                28⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetThreadContext
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:328
                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                  29⤵
                                                                                  • Executes dropped EXE
                                                                                  • Drops file in System32 directory
                                                                                  PID:2340
                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                    30⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:1704
                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                    30⤵
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:2480
                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                      31⤵
                                                                                      • Modifies WinLogon for persistence
                                                                                      • Adds Run key to start application
                                                                                      • Checks processor information in registry
                                                                                      • Enumerates system info in registry
                                                                                      PID:2732
                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                        32⤵
                                                                                        • Executes dropped EXE
                                                                                        PID:2852
                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                        32⤵
                                                                                        • Drops file in System32 directory
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:2836
                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                          33⤵
                                                                                          • Checks BIOS information in registry
                                                                                          • Executes dropped EXE
                                                                                          • Adds Run key to start application
                                                                                          • Suspicious use of SetThreadContext
                                                                                          • Enumerates system info in registry
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:1984
                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                            34⤵
                                                                                              PID:320
                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                              34⤵
                                                                                              • Suspicious use of SetThreadContext
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:324
                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                35⤵
                                                                                                • Modifies WinLogon for persistence
                                                                                                • Checks BIOS information in registry
                                                                                                • Adds Run key to start application
                                                                                                • Drops file in System32 directory
                                                                                                • Checks processor information in registry
                                                                                                • Enumerates system info in registry
                                                                                                PID:2312
                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                  36⤵
                                                                                                    PID:1536
                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                    36⤵
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:2268
                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                      37⤵
                                                                                                      • Checks BIOS information in registry
                                                                                                      • Adds Run key to start application
                                                                                                      • Drops file in System32 directory
                                                                                                      • Enumerates system info in registry
                                                                                                      PID:576
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                        38⤵
                                                                                                          PID:1192
                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                          38⤵
                                                                                                          • Suspicious use of SetThreadContext
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:1080
                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                            39⤵
                                                                                                            • Modifies WinLogon for persistence
                                                                                                            • Adds Run key to start application
                                                                                                            PID:2620
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                              40⤵
                                                                                                                PID:1648
                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                40⤵
                                                                                                                  PID:1604
                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                    41⤵
                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                    • Adds Run key to start application
                                                                                                                    • Checks processor information in registry
                                                                                                                    PID:2776
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                      42⤵
                                                                                                                        PID:636
                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                        42⤵
                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:2984
                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                          43⤵
                                                                                                                          • Checks processor information in registry
                                                                                                                          • Enumerates system info in registry
                                                                                                                          PID:752
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                            44⤵
                                                                                                                              PID:1132
                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                              44⤵
                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                              PID:1792
                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                45⤵
                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                • Drops file in System32 directory
                                                                                                                                • Enumerates system info in registry
                                                                                                                                PID:868
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                  46⤵
                                                                                                                                    PID:1992
                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                    46⤵
                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                    PID:2944
                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                      47⤵
                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • Drops file in System32 directory
                                                                                                                                      • Checks processor information in registry
                                                                                                                                      PID:2120
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                        48⤵
                                                                                                                                          PID:3060
                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                          48⤵
                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                          PID:3040
                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                            49⤵
                                                                                                                                            • Adds Run key to start application
                                                                                                                                            • Enumerates system info in registry
                                                                                                                                            PID:828
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                              50⤵
                                                                                                                                                PID:2708
                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                50⤵
                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                PID:2676
                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                  51⤵
                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                  PID:2500
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                    52⤵
                                                                                                                                                      PID:772
                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                      52⤵
                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:2016
                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                        53⤵
                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                        PID:3028
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                          54⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                          PID:380
                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                          54⤵
                                                                                                                                                            PID:2472
                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                              55⤵
                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                              PID:1204
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                56⤵
                                                                                                                                                                  PID:1056
                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                  56⤵
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                  PID:1200
                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                    57⤵
                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                    PID:2604
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                      58⤵
                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                      PID:2172
                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                      58⤵
                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                      PID:2860
                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                        59⤵
                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                        PID:2448
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                          60⤵
                                                                                                                                                                            PID:2672
                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                            60⤵
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                            PID:2440
                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                              61⤵
                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                              PID:1976
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                62⤵
                                                                                                                                                                                  PID:784
                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                  62⤵
                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                  PID:1776
                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                    63⤵
                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                    PID:404
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                      64⤵
                                                                                                                                                                                        PID:1312
                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                        64⤵
                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                        PID:900
                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                          65⤵
                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                          PID:2920
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                            66⤵
                                                                                                                                                                                              PID:756
                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                              66⤵
                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                              PID:2720
                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                67⤵
                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                PID:2376
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                  68⤵
                                                                                                                                                                                                    PID:2592
                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                    68⤵
                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                    PID:2808
                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                      69⤵
                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                      PID:1604
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                        70⤵
                                                                                                                                                                                                          PID:2028
                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                          70⤵
                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                          PID:772
                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                            71⤵
                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                            PID:1220
                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                              72⤵
                                                                                                                                                                                                                PID:2972
                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                72⤵
                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                PID:1620
                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                  73⤵
                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                  PID:2912
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                    74⤵
                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                    PID:2472
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                    74⤵
                                                                                                                                                                                                                      PID:2888
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                        75⤵
                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                        PID:756
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                          76⤵
                                                                                                                                                                                                                            PID:2332
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                            76⤵
                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                            PID:2644
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                              77⤵
                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                              PID:2996
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                78⤵
                                                                                                                                                                                                                                  PID:2508
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                  78⤵
                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                  PID:2760
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                    79⤵
                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                    PID:2668
                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                      80⤵
                                                                                                                                                                                                                                        PID:2968
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                        80⤵
                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                        PID:2752
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                          81⤵
                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                          PID:1820
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                            82⤵
                                                                                                                                                                                                                                              PID:572
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                              82⤵
                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                              PID:1672
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                83⤵
                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                PID:2324
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                  84⤵
                                                                                                                                                                                                                                                    PID:880
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                    84⤵
                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                    PID:3060
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                      85⤵
                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                      PID:1468
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                        86⤵
                                                                                                                                                                                                                                                          PID:2516
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                          86⤵
                                                                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                          PID:2476
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                            87⤵
                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                            PID:960
                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                              88⤵
                                                                                                                                                                                                                                                                PID:2464
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                88⤵
                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                PID:2012
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                  89⤵
                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                  PID:1048
                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                    90⤵
                                                                                                                                                                                                                                                                      PID:1952
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                      90⤵
                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                      PID:2272
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                        91⤵
                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                        PID:696
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                          92⤵
                                                                                                                                                                                                                                                                            PID:2184
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                            92⤵
                                                                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                            PID:328
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                              93⤵
                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                              PID:3056
                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                94⤵
                                                                                                                                                                                                                                                                                  PID:992
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                  94⤵
                                                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                  PID:2480
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                    95⤵
                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                    PID:1676
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                      96⤵
                                                                                                                                                                                                                                                                                        PID:2128
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                        96⤵
                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                        PID:2036
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                          97⤵
                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                          PID:636
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                            98⤵
                                                                                                                                                                                                                                                                                              PID:2636
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                              98⤵
                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                              PID:944
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                99⤵
                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                PID:984
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                  100⤵
                                                                                                                                                                                                                                                                                                    PID:1880
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                    100⤵
                                                                                                                                                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                    PID:2164
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                      101⤵
                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                      PID:2292
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                        102⤵
                                                                                                                                                                                                                                                                                                          PID:2692
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                          102⤵
                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                          PID:3040
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                            103⤵
                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                            PID:888
                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                              104⤵
                                                                                                                                                                                                                                                                                                                PID:1072
                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                104⤵
                                                                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                PID:1528
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                  105⤵
                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                  PID:1864
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                    106⤵
                                                                                                                                                                                                                                                                                                                      PID:1132
                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                      106⤵
                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                      PID:844
                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                        107⤵
                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                        PID:1560
                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                          108⤵
                                                                                                                                                                                                                                                                                                                            PID:2268
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                            108⤵
                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                            PID:1168
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                              109⤵
                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                              PID:1620
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                110⤵
                                                                                                                                                                                                                                                                                                                                  PID:1628
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                  110⤵
                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                  PID:2216
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                    111⤵
                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                    PID:1696
                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                      112⤵
                                                                                                                                                                                                                                                                                                                                        PID:332
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                        112⤵
                                                                                                                                                                                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                        PID:3016
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                          113⤵
                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                          PID:1684
                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                            114⤵
                                                                                                                                                                                                                                                                                                                                              PID:1960
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                              114⤵
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                              PID:2012
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                115⤵
                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                PID:2464
                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                  116⤵
                                                                                                                                                                                                                                                                                                                                                    PID:2436
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                    116⤵
                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                    PID:2392
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                      117⤵
                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                      PID:112
                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                        118⤵
                                                                                                                                                                                                                                                                                                                                                          PID:2296
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                          118⤵
                                                                                                                                                                                                                                                                                                                                                            PID:948
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                              119⤵
                                                                                                                                                                                                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                              PID:2616
                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                120⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:2860
                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                  120⤵
                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                  PID:2684
                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                    121⤵
                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                    PID:2980
                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                      122⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:2716
                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                        122⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:1960
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                            123⤵
                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                            PID:2040
                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                              124⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:908
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                124⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:380
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                    125⤵
                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                    PID:2192
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                      126⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:2784
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                        126⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:1692
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                            127⤵
                                                                                                                                                                                                                                                                                                                                                                                            • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                            PID:2108
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                              128⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:2892
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                128⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:2056
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                    129⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                    PID:764
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                      130⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2820
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                        130⤵
                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2812
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                          131⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                          PID:2396
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                            132⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:2368
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              132⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2416
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  133⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1672
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                    134⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2936
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                      134⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2788
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          135⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1768
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                            136⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:292
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              136⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1648
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  137⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1376
                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                    138⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3000
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                      138⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3036
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          139⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:280
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                            140⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2460
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                              140⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1808
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                141⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1208
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  142⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1988
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    142⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2392
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        143⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:912
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          144⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1704
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                            144⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2744
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                145⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  146⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    146⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2688
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        147⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          148⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            148⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                149⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  150⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    150⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2248
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        151⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2948
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          152⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            152⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                153⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2172
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  154⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2356
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    154⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        155⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          156⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2364
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            156⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                157⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  158⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    158⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        159⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          160⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            160⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2496
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                161⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  162⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    162⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2876
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        163⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          164⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            164⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                165⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  166⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    166⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2268
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        167⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          168⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            168⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                169⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  170⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    170⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        171⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          172⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            172⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              173⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                174⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  174⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2368
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      175⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        176⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          176⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              177⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2124
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                178⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  178⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      179⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        180⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          180⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1652
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              181⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Checks BIOS information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                182⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1164
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  182⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1740
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      183⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        184⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2368
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          184⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              185⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1120
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  186⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1080
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    186⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        187⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            188⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              188⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  189⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      190⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        190⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            191⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1432
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                192⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  192⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      193⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1200
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          194⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1632
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            194⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                195⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2428
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    196⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      196⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2664
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          197⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2440
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              198⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                198⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    199⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        200⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2472
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          200⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2176
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              201⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  202⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    202⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        203⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1728
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            204⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              204⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  205⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      206⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1764
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        206⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            207⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2272
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                208⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  208⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2828
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      209⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          210⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1832
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            210⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                211⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1660
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    212⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      212⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1700
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          213⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              214⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                214⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2140
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    215⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2460
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        216⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1680
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\sys32.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          216⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              217⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  218⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2708
                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE
                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\LXK PROTEUS 7.7 SP2 ENG V1.0.0.EXE"
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                  PID:756

                                                                                                                                                                                                                                                                                                                                                Network

                                                                                                                                                                                                                                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                Downloads

                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  94KB

                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                  1672238b1e99c15302a3700784c4dd02

                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                  5d81a5323e773ead0318bc11b0080621234e9027

                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                  a9dc7c2bbbd4d2c0694215af600cfb80cfa63ca6d9e25e6f902913438a8a21dd

                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                  1bb401b9a26ca3040592f139081a64c7923f5b3281594bf004dcfcb90d86510c473cea9ca4c1662fa27d8d9faef5856705abbb9430f0c19dde92b5aea8088af0

                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                • \Windows\SysWOW64\sys32.exe
                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  257KB

                                                                                                                                                                                                                                                                                                                                                  MD5

                                                                                                                                                                                                                                                                                                                                                  e7f7bfb1a56ada78e87d3972045f5a8c

                                                                                                                                                                                                                                                                                                                                                  SHA1

                                                                                                                                                                                                                                                                                                                                                  16b4bd8577b8fabeec158960e70082d252bbdcad

                                                                                                                                                                                                                                                                                                                                                  SHA256

                                                                                                                                                                                                                                                                                                                                                  f6df44e07e00ecf6139ce39cbc6edd67c92dbcc467dad4e17b1d481b8aecfda4

                                                                                                                                                                                                                                                                                                                                                  SHA512

                                                                                                                                                                                                                                                                                                                                                  05b52ed14ad1478a2f4aad05ba02e2a5db86fb2e0d032ed8350a42a4e78411b666e4b372a14c2f21909a59fb35a2486ddbcaf723a614e145f3dbd36349fb5f51

                                                                                                                                                                                                                                                                                                                                                  Download Submit

                                                                                                                                                                                                                                                                                                                                                • memory/392-493-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-25-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-56-0x00000000016B0000-0x00000000016BF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-97-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-27-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-39-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-38-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-47-0x0000000000170000-0x0000000000171000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-19-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-57-0x00000000016B0000-0x00000000016BF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-23-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-42-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-41-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-40-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-37-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-35-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-33-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-31-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-29-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/668-21-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/756-625-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-4-0x0000000000160000-0x0000000000170000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-12-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-5-0x0000000000170000-0x0000000000180000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-9-0x0000000001400000-0x0000000001410000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-6-0x0000000000180000-0x0000000000190000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-10-0x0000000001410000-0x0000000001420000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-7-0x0000000000190000-0x00000000001A0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-11-0x00000000016B0000-0x00000000016C0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-16-0x0000000002B10000-0x0000000002B20000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-15-0x0000000002B00000-0x0000000002B10000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-13-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-8-0x00000000001E0000-0x00000000001F0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-0-0x0000000000120000-0x0000000000130000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-1-0x0000000000130000-0x0000000000140000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-2-0x0000000000140000-0x0000000000150000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-14-0x0000000002AF0000-0x0000000002B00000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/824-3-0x0000000000150000-0x0000000000160000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1140-302-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1140-275-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1140-277-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1140-278-0x00000000003C0000-0x00000000003C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1140-292-0x0000000003100000-0x000000000310F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1200-558-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1284-143-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1284-169-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1284-145-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1284-147-0x0000000002E30000-0x0000000002E3F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1284-144-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1476-224-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-612-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-611-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-632-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-614-0x0000000002FA0000-0x0000000002FAF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-624-0x0000000002FA0000-0x0000000002FAF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1664-610-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1840-570-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1840-559-0x0000000002DB0000-0x0000000002DBF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1840-545-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1840-543-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1840-553-0x0000000002DB0000-0x0000000002DBF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1868-225-0x0000000001430000-0x000000000143F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1868-236-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1868-223-0x0000000000170000-0x0000000000171000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1868-211-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1868-209-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/1984-679-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-426-0x00000000013D0000-0x00000000013DF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-412-0x0000000000180000-0x0000000000181000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-411-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-410-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-437-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2252-415-0x00000000013D0000-0x00000000013DF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-349-0x00000000014B0000-0x00000000014BF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-342-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-345-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-360-0x00000000014B0000-0x00000000014BF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-369-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2308-343-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2492-675-0x0000000002FB0000-0x0000000002FBF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2492-674-0x0000000002FB0000-0x0000000002FBF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2492-673-0x0000000000300000-0x0000000000301000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2492-672-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2492-671-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-115-0x0000000001350000-0x0000000001360000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-111-0x0000000001310000-0x0000000001320000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-103-0x0000000000190000-0x00000000001A0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-116-0x0000000001360000-0x0000000001370000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-114-0x0000000001340000-0x0000000001350000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-113-0x0000000001330000-0x0000000001340000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-112-0x0000000001320000-0x0000000001330000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-108-0x00000000012E0000-0x00000000012F0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-110-0x0000000001300000-0x0000000001310000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-102-0x0000000000180000-0x0000000000190000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-104-0x00000000001A0000-0x00000000001B0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-105-0x00000000001B0000-0x00000000001C0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-106-0x00000000001C0000-0x00000000001D0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-109-0x00000000012F0000-0x0000000001300000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2572-107-0x00000000001E0000-0x00000000001F0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  64KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2576-344-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2576-69-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2580-359-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2772-503-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2772-483-0x0000000003210000-0x000000000321F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2772-479-0x0000000000180000-0x0000000000181000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  4KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2772-478-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2772-477-0x0000000000400000-0x00000000004C9000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  804KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2812-159-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/2852-427-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download

                                                                                                                                                                                                                                                                                                                                                • memory/3048-291-0x0000000000400000-0x000000000040F000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                  Filesize

                                                                                                                                                                                                                                                                                                                                                  60KB

                                                                                                                                                                                                                                                                                                                                                  Download