39ddc5ee6653b06412e92cdf3d27e82fc9ddbe962073543753a3706a72541955

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a2308e717857d6d7f8d712d7517efe2.exe
Size

108KB
MD5

8a2308e717857d6d7f8d712d7517efe2
SHA1

ade32ee95572133e5a5be4ed905e04fd146989cc
SHA256

39ddc5ee6653b06412e92cdf3d27e82fc9ddbe962073543753a3706a72541955
SHA512

c573865deec08ebfa61066a48c7dd4c060074df0b4dffd1c1703b087b92212f75e5cc460b0303d5f570b250702f8c9f074faa046bd67c28fd0bb77b5774e5c80
SSDEEP

1536:WE6hDaywldhD7rA6XmY6VCAop7NX+o3STOARs4h7RmKFzG3f8Yk/5gKN:osywldhU7VVmp7NX+o3PUEu0kYkhF

Score

7^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 62 IoCs

pid	Process
2780	net.net
2812	net.net
2596	net.net
1664	net.net
1100	net.net
1688	net.net
2328	net.net
1644	net.net
2460	net.net
832	net.net
2108	net.net
3012	net.net
1868	net.net
2868	net.net
2748	net.net
2680	net.net
2040	net.net
520	net.net
1584	net.net
3000	net.net
1944	net.net
1588	net.net
1676	net.net
876	net.net
2216	net.net
2616	net.net
1900	net.net
3060	net.net
2920	net.net
2948	net.net
2480	net.net
2324	net.net
2328	net.net
1112	net.net
1944	net.net
1952	net.net
880	net.net
1076	net.net
2724	net.net
2588	net.net
2584	net.net
3068	net.net
2756	net.net
1996	net.net
2012	net.net
2620	net.net
748	net.net
2956	net.net
1960	net.net
2124	net.net
860	net.net
2172	net.net
2316	net.net
1964	net.net
1812	net.net
2716	net.net
2668	net.net
2044	net.net
324	net.net
784	net.net
2992	net.net
644	net.net

Loads dropped DLL 64 IoCs

pid	Process
2852	cmd.exe
2852	cmd.exe
2624	cmd.exe
2624	cmd.exe
2168	cmd.exe
2168	cmd.exe
2928	cmd.exe
2928	cmd.exe
1656	cmd.exe
1656	cmd.exe
1692	cmd.exe
1692	cmd.exe
1864	cmd.exe
1864	cmd.exe
1468	cmd.exe
1468	cmd.exe
1432	cmd.exe
1432	cmd.exe
2508	cmd.exe
2508	cmd.exe
844	cmd.exe
844	cmd.exe
1076	cmd.exe
1076	cmd.exe
2804	cmd.exe
2804	cmd.exe
2696	cmd.exe
2696	cmd.exe
2584	cmd.exe
2584	cmd.exe
848	cmd.exe
848	cmd.exe
1196	cmd.exe
1196	cmd.exe
1984	cmd.exe
1984	cmd.exe
2324	cmd.exe
2324	cmd.exe
1244	cmd.exe
1244	cmd.exe
2404	cmd.exe
2404	cmd.exe
2508	cmd.exe
2508	cmd.exe
1508	cmd.exe
1508	cmd.exe
2092	cmd.exe
2092	cmd.exe
2660	cmd.exe
2660	cmd.exe
2672	cmd.exe
2672	cmd.exe
2960	cmd.exe
2960	cmd.exe
2636	cmd.exe
2636	cmd.exe
284	cmd.exe
284	cmd.exe
1996	cmd.exe
1996	cmd.exe
2260	cmd.exe
2260	cmd.exe
2308	cmd.exe
2308	cmd.exe

Checks whether UAC is enabled 1 TTPs 63 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	8a2308e717857d6d7f8d712d7517efe2.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	net.net

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\net.net	8a2308e717857d6d7f8d712d7517efe2.exe
File opened for modification	C:\Windows\SysWOW64\net.net	8a2308e717857d6d7f8d712d7517efe2.exe

Runs ping.exe 1 TTPs 63 IoCs

Remote System Discovery

T1018

pid	Process
2328	PING.EXE
1060	PING.EXE
1940	PING.EXE
2860	PING.EXE
2896	PING.EXE
2680	PING.EXE
3000	PING.EXE
1336	PING.EXE
2656	PING.EXE
2164	PING.EXE
1940	PING.EXE
2412	PING.EXE
2688	PING.EXE
3048	PING.EXE
2588	PING.EXE
2860	PING.EXE
2632	PING.EXE
2688	PING.EXE
1760	PING.EXE
676	PING.EXE
2144	PING.EXE
1688	PING.EXE
568	PING.EXE
1944	PING.EXE
1400	PING.EXE
2448	PING.EXE
1080	PING.EXE
340	PING.EXE
1964	PING.EXE
2016	PING.EXE
980	PING.EXE
2536	PING.EXE
2704	PING.EXE
2508	PING.EXE
2144	PING.EXE
520	PING.EXE
1576	PING.EXE
2460	PING.EXE
1560	PING.EXE
2848	PING.EXE
2712	PING.EXE
1864	PING.EXE
440	PING.EXE
2672	PING.EXE
1992	PING.EXE
2684	PING.EXE
3056	PING.EXE
2424	PING.EXE
1632	PING.EXE
2180	PING.EXE
3052	PING.EXE
2760	PING.EXE
1624	PING.EXE
2904	PING.EXE
1224	PING.EXE
1960	PING.EXE
1184	PING.EXE
2604	PING.EXE
1164	PING.EXE
2244	PING.EXE
2364	PING.EXE
568	PING.EXE
1612	PING.EXE

Suspicious behavior: EnumeratesProcesses 63 IoCs

pid	Process
1868	8a2308e717857d6d7f8d712d7517efe2.exe
2780	net.net
2812	net.net
2596	net.net
1664	net.net
1100	net.net
1688	net.net
2328	net.net
1644	net.net
2460	net.net
832	net.net
2108	net.net
3012	net.net
1868	net.net
2868	net.net
2748	net.net
2680	net.net
2040	net.net
520	net.net
1584	net.net
3000	net.net
1944	net.net
1588	net.net
1676	net.net
876	net.net
2216	net.net
2616	net.net
1900	net.net
3060	net.net
2920	net.net
2948	net.net
2480	net.net
2324	net.net
2328	net.net
1112	net.net
1944	net.net
1952	net.net
880	net.net
1076	net.net
2724	net.net
2588	net.net
2584	net.net
3068	net.net
2756	net.net
1996	net.net
2012	net.net
2620	net.net
748	net.net
2956	net.net
1960	net.net
2124	net.net
860	net.net
2172	net.net
2316	net.net
1964	net.net
1812	net.net
2716	net.net
2668	net.net
2044	net.net
324	net.net
784	net.net
2992	net.net
644	net.net

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1868	8a2308e717857d6d7f8d712d7517efe2.exe
1868	8a2308e717857d6d7f8d712d7517efe2.exe
1868	8a2308e717857d6d7f8d712d7517efe2.exe
2780	net.net
2780	net.net
2780	net.net
2812	net.net
2812	net.net
2812	net.net
2596	net.net
2596	net.net
2596	net.net
1664	net.net
1664	net.net
1664	net.net
1100	net.net
1100	net.net
1100	net.net
1688	net.net
1688	net.net
1688	net.net
2328	net.net
2328	net.net
2328	net.net
1644	net.net
1644	net.net
1644	net.net
2460	net.net
2460	net.net
2460	net.net
832	net.net
832	net.net
832	net.net
2108	net.net
2108	net.net
2108	net.net
3012	net.net
3012	net.net
3012	net.net
1868	net.net
1868	net.net
1868	net.net
2868	net.net
2868	net.net
2868	net.net
2748	net.net
2748	net.net
2748	net.net
2680	net.net
2680	net.net
2680	net.net
2040	net.net
2040	net.net
2040	net.net
520	net.net
520	net.net
520	net.net
1584	net.net
1584	net.net
1584	net.net
3000	net.net
3000	net.net
3000	net.net
1944	net.net

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2764	1868	8a2308e717857d6d7f8d712d7517efe2.exe	28
PID 1868 wrote to memory of 2764	1868	8a2308e717857d6d7f8d712d7517efe2.exe	28
PID 1868 wrote to memory of 2764	1868	8a2308e717857d6d7f8d712d7517efe2.exe	28
PID 1868 wrote to memory of 2764	1868	8a2308e717857d6d7f8d712d7517efe2.exe	28
PID 2764 wrote to memory of 2684	2764	cmd.exe	30
PID 2764 wrote to memory of 2684	2764	cmd.exe	30
PID 2764 wrote to memory of 2684	2764	cmd.exe	30
PID 2764 wrote to memory of 2684	2764	cmd.exe	30
PID 2764 wrote to memory of 2852	2764	cmd.exe	31
PID 2764 wrote to memory of 2852	2764	cmd.exe	31
PID 2764 wrote to memory of 2852	2764	cmd.exe	31
PID 2764 wrote to memory of 2852	2764	cmd.exe	31
PID 2852 wrote to memory of 2780	2852	cmd.exe	32
PID 2852 wrote to memory of 2780	2852	cmd.exe	32
PID 2852 wrote to memory of 2780	2852	cmd.exe	32
PID 2852 wrote to memory of 2780	2852	cmd.exe	32
PID 2780 wrote to memory of 2708	2780	net.net	33
PID 2780 wrote to memory of 2708	2780	net.net	33
PID 2780 wrote to memory of 2708	2780	net.net	33
PID 2780 wrote to memory of 2708	2780	net.net	33
PID 2708 wrote to memory of 2604	2708	cmd.exe	35
PID 2708 wrote to memory of 2604	2708	cmd.exe	35
PID 2708 wrote to memory of 2604	2708	cmd.exe	35
PID 2708 wrote to memory of 2604	2708	cmd.exe	35
PID 2708 wrote to memory of 2624	2708	cmd.exe	36
PID 2708 wrote to memory of 2624	2708	cmd.exe	36
PID 2708 wrote to memory of 2624	2708	cmd.exe	36
PID 2708 wrote to memory of 2624	2708	cmd.exe	36
PID 2624 wrote to memory of 2812	2624	cmd.exe	37
PID 2624 wrote to memory of 2812	2624	cmd.exe	37
PID 2624 wrote to memory of 2812	2624	cmd.exe	37
PID 2624 wrote to memory of 2812	2624	cmd.exe	37
PID 2812 wrote to memory of 2656	2812	net.net	38
PID 2812 wrote to memory of 2656	2812	net.net	38
PID 2812 wrote to memory of 2656	2812	net.net	38
PID 2812 wrote to memory of 2656	2812	net.net	38
PID 2656 wrote to memory of 3056	2656	cmd.exe	40
PID 2656 wrote to memory of 3056	2656	cmd.exe	40
PID 2656 wrote to memory of 3056	2656	cmd.exe	40
PID 2656 wrote to memory of 3056	2656	cmd.exe	40
PID 2656 wrote to memory of 2168	2656	cmd.exe	41
PID 2656 wrote to memory of 2168	2656	cmd.exe	41
PID 2656 wrote to memory of 2168	2656	cmd.exe	41
PID 2656 wrote to memory of 2168	2656	cmd.exe	41
PID 2168 wrote to memory of 2596	2168	cmd.exe	42
PID 2168 wrote to memory of 2596	2168	cmd.exe	42
PID 2168 wrote to memory of 2596	2168	cmd.exe	42
PID 2168 wrote to memory of 2596	2168	cmd.exe	42
PID 2596 wrote to memory of 2648	2596	net.net	43
PID 2596 wrote to memory of 2648	2596	net.net	43
PID 2596 wrote to memory of 2648	2596	net.net	43
PID 2596 wrote to memory of 2648	2596	net.net	43
PID 2648 wrote to memory of 2904	2648	cmd.exe	45
PID 2648 wrote to memory of 2904	2648	cmd.exe	45
PID 2648 wrote to memory of 2904	2648	cmd.exe	45
PID 2648 wrote to memory of 2904	2648	cmd.exe	45
PID 2648 wrote to memory of 2928	2648	cmd.exe	46
PID 2648 wrote to memory of 2928	2648	cmd.exe	46
PID 2648 wrote to memory of 2928	2648	cmd.exe	46
PID 2648 wrote to memory of 2928	2648	cmd.exe	46
PID 2928 wrote to memory of 1664	2928	cmd.exe	47
PID 2928 wrote to memory of 1664	2928	cmd.exe	47
PID 2928 wrote to memory of 1664	2928	cmd.exe	47
PID 2928 wrote to memory of 1664	2928	cmd.exe	47

C:\Users\Admin\AppData\Local\Temp\8a2308e717857d6d7f8d712d7517efe2.exe
"C:\Users\Admin\AppData\Local\Temp\8a2308e717857d6d7f8d712d7517efe2.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\SysWOW64\PING.EXE
    ping localhost -n 3
    3⤵
    - Runs ping.exe
    PID:2684
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c start "" "C:\Windows\system32\net.net"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Windows\SysWOW64\net.net
      "C:\Windows\system32\net.net"
      4⤵
      Executes dropped EXE
      Checks whether UAC is enabled
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2708
      - C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        6⤵
        Runs ping.exe
        
        PID:2604
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        6⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        7⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2656
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        9⤵
        Runs ping.exe
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        9⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2168
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        10⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        12⤵
        Runs ping.exe
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        12⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        13⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        14⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        15⤵
        Runs ping.exe
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        15⤵
        Loads dropped DLL
        
        PID:1656
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        16⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        17⤵
        
        PID:364
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        18⤵
        Runs ping.exe
        
        PID:520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        18⤵
        Loads dropped DLL
        
        PID:1692
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        19⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        20⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        21⤵
        Runs ping.exe
        
        PID:1224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        21⤵
        Loads dropped DLL
        
        PID:1864
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        22⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        23⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        24⤵
        Runs ping.exe
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        24⤵
        Loads dropped DLL
        
        PID:1468
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        25⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        26⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        27⤵
        Runs ping.exe
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        27⤵
        Loads dropped DLL
        
        PID:1432
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        28⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        29⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        30⤵
        Runs ping.exe
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        30⤵
        Loads dropped DLL
        
        PID:2508
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        31⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        32⤵
        
        PID:880
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        33⤵
        Runs ping.exe
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        33⤵
        Loads dropped DLL
        
        PID:844
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        34⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        35⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        36⤵
        Runs ping.exe
        
        PID:1336
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        36⤵
        Loads dropped DLL
        
        PID:1076
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        37⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        38⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        39⤵
        Runs ping.exe
        
        PID:3048
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        39⤵
        Loads dropped DLL
        
        PID:2804
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        40⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        41⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        42⤵
        Runs ping.exe
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        42⤵
        Loads dropped DLL
        
        PID:2696
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        43⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        44⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        45⤵
        Runs ping.exe
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        45⤵
        Loads dropped DLL
        
        PID:2584
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        46⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        47⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        48⤵
        Runs ping.exe
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        48⤵
        Loads dropped DLL
        
        PID:848
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        49⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        50⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        51⤵
        Runs ping.exe
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        51⤵
        Loads dropped DLL
        
        PID:1196
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        52⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        53⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        54⤵
        Runs ping.exe
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        54⤵
        Loads dropped DLL
        
        PID:1984
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        55⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:520
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        56⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        57⤵
        Runs ping.exe
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        57⤵
        Loads dropped DLL
        
        PID:2324
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        58⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        59⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        60⤵
        Runs ping.exe
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        60⤵
        Loads dropped DLL
        
        PID:1244
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        61⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        62⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        63⤵
        Runs ping.exe
        
        PID:340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        63⤵
        Loads dropped DLL
        
        PID:2404
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        64⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        65⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        66⤵
        Runs ping.exe
        
        PID:1164
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        66⤵
        Loads dropped DLL
        
        PID:2508
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        67⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        68⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        69⤵
        Runs ping.exe
        
        PID:676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        69⤵
        Loads dropped DLL
        
        PID:1508
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        70⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        71⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        72⤵
        Runs ping.exe
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        72⤵
        Loads dropped DLL
        
        PID:2092
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        73⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        74⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        75⤵
        Runs ping.exe
        
        PID:1576
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        75⤵
        Loads dropped DLL
        
        PID:2660
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        76⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2216
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        77⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        78⤵
        Runs ping.exe
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        78⤵
        Loads dropped DLL
        
        PID:2672
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        79⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        80⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        81⤵
        Runs ping.exe
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        81⤵
        Loads dropped DLL
        
        PID:2960
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        82⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1900
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        83⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        84⤵
        Runs ping.exe
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        84⤵
        Loads dropped DLL
        
        PID:2636
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        85⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        86⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        87⤵
        Runs ping.exe
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        87⤵
        Loads dropped DLL
        
        PID:284
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        88⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        89⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        90⤵
        Runs ping.exe
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        90⤵
        Loads dropped DLL
        
        PID:1996
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        91⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        92⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        93⤵
        Runs ping.exe
        
        PID:1184
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        93⤵
        Loads dropped DLL
        
        PID:2260
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        94⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        95⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        96⤵
        Runs ping.exe
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        96⤵
        Loads dropped DLL
        
        PID:2308
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        97⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        98⤵
        
        PID:572
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        99⤵
        Runs ping.exe
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        99⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        100⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        101⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        102⤵
        Runs ping.exe
        
        PID:568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        102⤵
        
        PID:440
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        103⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        104⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        105⤵
        Runs ping.exe
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        105⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        106⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        107⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        108⤵
        Runs ping.exe
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        108⤵
        
        PID:940
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        109⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        110⤵
        
        PID:832
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        111⤵
        Runs ping.exe
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        111⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        112⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        113⤵
        
        PID:900
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        114⤵
        Runs ping.exe
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        114⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        115⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        116⤵
        
        PID:868
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        117⤵
        Runs ping.exe
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        117⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        118⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        119⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        120⤵
        Runs ping.exe
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        120⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        121⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        122⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        123⤵
        Runs ping.exe
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        123⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        124⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2584
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        125⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        126⤵
        Runs ping.exe
        
        PID:3052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        126⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        127⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        128⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        129⤵
        Runs ping.exe
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        129⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        130⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        131⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        132⤵
        Runs ping.exe
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        132⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        133⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1996
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        134⤵
        
        PID:476
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        135⤵
        Runs ping.exe
        
        PID:2016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        135⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        136⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        137⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        138⤵
        Runs ping.exe
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        138⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        139⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        140⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        141⤵
        Runs ping.exe
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        141⤵
        
        PID:616
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        142⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        143⤵
        
        PID:644
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        144⤵
        Runs ping.exe
        
        PID:568
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        144⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        145⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        146⤵
        
        PID:680
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        147⤵
        Runs ping.exe
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        147⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        148⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        149⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        150⤵
        Runs ping.exe
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        150⤵
        
        PID:892
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        151⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        152⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        153⤵
        Runs ping.exe
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        153⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        154⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:860
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        155⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        156⤵
        Runs ping.exe
        
        PID:1080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        156⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        157⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        158⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        159⤵
        Runs ping.exe
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        159⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        160⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        161⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        162⤵
        Runs ping.exe
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        162⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        163⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        164⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        165⤵
        Runs ping.exe
        
        PID:2896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        165⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        166⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        167⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        168⤵
        Runs ping.exe
        
        PID:1760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        168⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        169⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        170⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        171⤵
        Runs ping.exe
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        171⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        172⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        173⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        174⤵
        Runs ping.exe
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        174⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        175⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        176⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        177⤵
        Runs ping.exe
        
        PID:1992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        177⤵
        
        PID:268
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        178⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        179⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        180⤵
        Runs ping.exe
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        180⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        181⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        182⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        183⤵
        Runs ping.exe
        
        PID:980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        183⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        184⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        185⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        186⤵
        Runs ping.exe
        
        PID:440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c start "" "C:\Windows\system32\net.net"
        186⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\net.net
        
        "C:\Windows\system32\net.net"
        187⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ping localhost -n 3 >> NUL && cmd /c start "" "C:\Windows\system32\net.net" >> NUL
        188⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 3
        189⤵
        Runs ping.exe
        
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\net.net

Filesize
38KB

MD5
0b132c54e5fdb72ca4c9d5c776279cc3

SHA1
f1cfe61db8eea4c67731c475dd97215b81124f97

SHA256
301c74243d038cb1eac699caddd2cdf2df33a237b4aae9276605aa11fe06e47e

SHA512
6d49ebecb2bdba5c56be93eb4cacea64f666648ee31266310310c04278bda137bf0cb2f45666ec8bab6e3f9b6fc60de0c8e5f87ee6432fe6b4c18fbf1218f556

Download Submit
\Windows\SysWOW64\net.net

Filesize
108KB

MD5
8a2308e717857d6d7f8d712d7517efe2

SHA1
ade32ee95572133e5a5be4ed905e04fd146989cc

SHA256
39ddc5ee6653b06412e92cdf3d27e82fc9ddbe962073543753a3706a72541955

SHA512
c573865deec08ebfa61066a48c7dd4c060074df0b4dffd1c1703b087b92212f75e5cc460b0303d5f570b250702f8c9f074faa046bd67c28fd0bb77b5774e5c80

Download Submit
memory/324-352-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/520-143-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/520-147-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/644-366-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/748-294-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/784-357-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/832-81-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/832-84-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/860-313-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/876-183-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/876-186-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/880-244-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1076-249-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1100-45-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1100-46-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1112-230-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1112-231-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1584-151-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1584-154-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1588-176-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1588-174-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1588-178-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1644-66-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1644-67-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1644-70-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1664-39-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1664-38-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1676-180-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1676-182-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1688-53-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1688-52-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1812-333-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1868-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1868-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1868-104-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1868-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1868-105-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1900-201-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1900-199-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1900-197-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-168-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-234-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-171-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-172-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-236-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1944-232-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1952-240-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1952-239-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1960-303-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1964-329-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1984-170-0x0000000000120000-0x000000000014F000-memory.dmp

Filesize
188KB

Download
memory/1984-141-0x0000000000120000-0x000000000014F000-memory.dmp

Filesize
188KB

Download
memory/1996-277-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2012-282-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2040-138-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2040-135-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2040-134-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2044-348-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2108-91-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2108-88-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2124-307-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2172-317-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2216-188-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2216-191-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2316-322-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2324-222-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2324-223-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2328-226-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2328-62-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2328-61-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2328-60-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2328-227-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2404-187-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2404-166-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2460-74-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2460-77-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2480-219-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2480-216-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2508-173-0x00000000002E0000-0x000000000030F000-memory.dmp

Filesize
188KB

Download
memory/2584-144-0x0000000000270000-0x000000000029F000-memory.dmp

Filesize
188KB

Download
memory/2584-263-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2588-259-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2596-30-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2596-31-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2616-195-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2616-192-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2620-288-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2668-342-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2680-130-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2680-129-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2696-108-0x0000000000130000-0x000000000015F000-memory.dmp

Filesize
188KB

Download
memory/2696-196-0x0000000000130000-0x000000000015F000-memory.dmp

Filesize
188KB

Download
memory/2696-128-0x0000000000130000-0x000000000015F000-memory.dmp

Filesize
188KB

Download
memory/2716-338-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2724-254-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2748-122-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2748-119-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2748-118-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2756-272-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-16-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-14-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2780-12-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2812-20-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2812-21-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2812-24-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2852-11-0x0000000000170000-0x000000000019F000-memory.dmp

Filesize
188KB

Download
memory/2868-110-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2868-114-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2868-112-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2920-207-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2920-210-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2928-54-0x0000000000260000-0x000000000028F000-memory.dmp

Filesize
188KB

Download
memory/2928-33-0x0000000000260000-0x000000000028F000-memory.dmp

Filesize
188KB

Download
memory/2948-211-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2948-212-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2948-215-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2956-298-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2992-362-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3000-162-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3000-160-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3000-158-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3012-97-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3012-98-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3060-202-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3060-203-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3060-206-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3068-267-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download