08eda86a5fc8ecf563d1f42dc84d4aac0a356ae2068febd87d66454639a8cbd0

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe
Size

382KB
MD5

5d16231a4f293b24456e7efd6136ddf9
SHA1

8665c5f56fb7beaa90e6d7d655abc7550b4013a3
SHA256

08eda86a5fc8ecf563d1f42dc84d4aac0a356ae2068febd87d66454639a8cbd0
SHA512

eb261043a2d3420aae8d83af0a1a84047429b092207a3f28de613b1fc8d46278bee45a917eb99aef4b39bd56a633538dd8c92c3026aed0e349ebf4d3318ec3be
SSDEEP

6144:KePaoj6mzxv0qAqfbyxDkN7YYbAeAbkZwTagAq3l0+wmDGgC:Ke5j7zN0qAqGxGdoQZwTaFOGH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3132	tazebama.dl_
2840	tazebama.dl_
4540	tazebama.dl_
116	tazebama.dl_
1128	tazebama.dl_
5064	tazebama.dl_
1472	tazebama.dl_
1036	tazebama.dl_
744	tazebama.dl_
2156	tazebama.dl_
4608	tazebama.dl_
3344	tazebama.dl_
5036	tazebama.dl_
864	tazebama.dl_
1608	tazebama.dl_
4656	tazebama.dl_
5004	tazebama.dl_
2180	tazebama.dl_
4168	tazebama.dl_
3040	tazebama.dl_
3488	tazebama.dl_
1444	tazebama.dl_
2560	tazebama.dl_
2688	tazebama.dl_
4280	tazebama.dl_
2096	tazebama.dl_
4048	tazebama.dl_
1960	tazebama.dl_
960	tazebama.dl_
2672	tazebama.dl_
2512	tazebama.dl_
3052	tazebama.dl_
1140	tazebama.dl_
1748	tazebama.dl_
4860	tazebama.dl_
1052	tazebama.dl_
4144	tazebama.dl_
1408	tazebama.dl_
2736	tazebama.dl_
2188	tazebama.dl_
4104	tazebama.dl_
3160	tazebama.dl_
1996	tazebama.dl_
1592	tazebama.dl_
2792	tazebama.dl_
2536	tazebama.dl_
1428	tazebama.dl_
2148	tazebama.dl_
3792	tazebama.dl_
1292	tazebama.dl_
1512	tazebama.dl_
1760	tazebama.dl_
3420	tazebama.dl_
768	tazebama.dl_
1644	tazebama.dl_
4184	tazebama.dl_
1628	tazebama.dl_
1392	tazebama.dl_
4060	tazebama.dl_
4056	tazebama.dl_
4628	tazebama.dl_
4152	tazebama.dl_
3560	tazebama.dl_
5108	tazebama.dl_

Loads dropped DLL 1 IoCs

pid	Process
3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7804	3008	WerFault.exe	85

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
116	tazebama.dl_
116	tazebama.dl_
1128	tazebama.dl_
1128	tazebama.dl_
3132	tazebama.dl_
3132	tazebama.dl_
2840	tazebama.dl_
2840	tazebama.dl_
1392	tazebama.dl_
1392	tazebama.dl_
768	tazebama.dl_
768	tazebama.dl_
5036	tazebama.dl_
5036	tazebama.dl_
4608	tazebama.dl_
4608	tazebama.dl_
744	tazebama.dl_
744	tazebama.dl_
1996	tazebama.dl_
1996	tazebama.dl_
4104	tazebama.dl_
4104	tazebama.dl_
2688	tazebama.dl_
2688	tazebama.dl_
2188	tazebama.dl_
2188	tazebama.dl_
3420	tazebama.dl_
3420	tazebama.dl_
4280	tazebama.dl_
4280	tazebama.dl_
4056	tazebama.dl_
4056	tazebama.dl_
1292	tazebama.dl_
1292	tazebama.dl_
1628	tazebama.dl_
1628	tazebama.dl_
2672	tazebama.dl_
2672	tazebama.dl_
1592	tazebama.dl_
1592	tazebama.dl_
3040	tazebama.dl_
3040	tazebama.dl_
2180	tazebama.dl_
2180	tazebama.dl_
4168	tazebama.dl_
2156	tazebama.dl_
4168	tazebama.dl_
2156	tazebama.dl_
3792	tazebama.dl_
3792	tazebama.dl_
1608	tazebama.dl_
1608	tazebama.dl_
4628	tazebama.dl_
4628	tazebama.dl_
1444	tazebama.dl_
1444	tazebama.dl_
4860	tazebama.dl_
4860	tazebama.dl_
3052	tazebama.dl_
3052	tazebama.dl_
4152	tazebama.dl_
4152	tazebama.dl_
1428	tazebama.dl_
1428	tazebama.dl_

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3132	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	86
PID 3008 wrote to memory of 3132	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	86
PID 3008 wrote to memory of 3132	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	86
PID 3008 wrote to memory of 2840	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	87
PID 3008 wrote to memory of 2840	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	87
PID 3008 wrote to memory of 2840	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	87
PID 3008 wrote to memory of 4540	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	88
PID 3008 wrote to memory of 4540	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	88
PID 3008 wrote to memory of 4540	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	88
PID 3008 wrote to memory of 116	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	89
PID 3008 wrote to memory of 116	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	89
PID 3008 wrote to memory of 116	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	89
PID 3008 wrote to memory of 1128	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	90
PID 3008 wrote to memory of 1128	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	90
PID 3008 wrote to memory of 1128	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	90
PID 3008 wrote to memory of 5064	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	91
PID 3008 wrote to memory of 5064	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	91
PID 3008 wrote to memory of 5064	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	91
PID 3008 wrote to memory of 1472	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	92
PID 3008 wrote to memory of 1472	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	92
PID 3008 wrote to memory of 1472	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	92
PID 3008 wrote to memory of 1036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	93
PID 3008 wrote to memory of 1036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	93
PID 3008 wrote to memory of 1036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	93
PID 3008 wrote to memory of 744	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	94
PID 3008 wrote to memory of 744	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	94
PID 3008 wrote to memory of 744	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	94
PID 3008 wrote to memory of 2156	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	95
PID 3008 wrote to memory of 2156	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	95
PID 3008 wrote to memory of 2156	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	95
PID 3008 wrote to memory of 4608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	96
PID 3008 wrote to memory of 4608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	96
PID 3008 wrote to memory of 4608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	96
PID 3008 wrote to memory of 3344	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	97
PID 3008 wrote to memory of 3344	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	97
PID 3008 wrote to memory of 3344	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	97
PID 3008 wrote to memory of 5036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	98
PID 3008 wrote to memory of 5036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	98
PID 3008 wrote to memory of 5036	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	98
PID 3008 wrote to memory of 864	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	99
PID 3008 wrote to memory of 864	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	99
PID 3008 wrote to memory of 864	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	99
PID 3008 wrote to memory of 4656	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	100
PID 3008 wrote to memory of 4656	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	100
PID 3008 wrote to memory of 4656	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	100
PID 3008 wrote to memory of 5004	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	101
PID 3008 wrote to memory of 5004	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	101
PID 3008 wrote to memory of 5004	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	101
PID 3008 wrote to memory of 1608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	102
PID 3008 wrote to memory of 1608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	102
PID 3008 wrote to memory of 1608	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	102
PID 3008 wrote to memory of 2180	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	103
PID 3008 wrote to memory of 2180	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	103
PID 3008 wrote to memory of 2180	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	103
PID 3008 wrote to memory of 4168	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	104
PID 3008 wrote to memory of 4168	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	104
PID 3008 wrote to memory of 4168	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	104
PID 3008 wrote to memory of 3040	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	105
PID 3008 wrote to memory of 3040	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	105
PID 3008 wrote to memory of 3040	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	105
PID 3008 wrote to memory of 3488	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	106
PID 3008 wrote to memory of 3488	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	106
PID 3008 wrote to memory of 3488	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	106
PID 3008 wrote to memory of 1444	3008	5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe	107

C:\Users\Admin\AppData\Local\Temp\5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d16231a4f293b24456e7efd6136ddf9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2688
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2572
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4724
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:688
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3636
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4956
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2304
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5016
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1788
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3164
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4648
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1032
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3564
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4404
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1804
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1232
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5028
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4064
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3856
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3508
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2260
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4836
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3660
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3840
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4068
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2968
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4160
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1420
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1920
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2168
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2800
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1520
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2460
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:596
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2024
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:852
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2880
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2228
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4796
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:216
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1584
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4584
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3468
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1728
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5048
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3820
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1116
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4100
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5128
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5140
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5172
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5184
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5196
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5208
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5224
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5236
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5248
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5260
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5276
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5292
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5304
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5316
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5612
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5640
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5664
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5684
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5736
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5760
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5784
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5808
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5832
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5856
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5880
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5904
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5988
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6000
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6012
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6024
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6036
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6048
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6060
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6072
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6084
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6120
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1152
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1980
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2552
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:736
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3748
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3204
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2004
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1532
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1932
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1160
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1860
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2448
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4640
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4020
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2344
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4780
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6160
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6172
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6184
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6196
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6208
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6220
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6248
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6260
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6272
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6324
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6336
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6348
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6360
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6372
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6388
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6400
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6412
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6440
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6452
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6464
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6476
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6492
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6504
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6516
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6528
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6568
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6592
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6608
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6620
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6632
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6684
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6696
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6724
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6736
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6748
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6760
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6772
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6788
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6800
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6812
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6824
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6836
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6852
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6864
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6876
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6888
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6900
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6916
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6928
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6940
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6952
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6964
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6976
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6988
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7004
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7016
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7028
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7040
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7052
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7068
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7080
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7092
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7104
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7116
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7144
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3436
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3528
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4760
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2444
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1120
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3824
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1424
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7172
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7200
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7212
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7224
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7236
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7276
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7328
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7340
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7352
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7364
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7376
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7392
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7404
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7416
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7440
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7452
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7468
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7480
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7492
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7504
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7516
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7532
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7568
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7592
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7608
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7620
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7632
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7684
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7696
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7720
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7736
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7748
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7760
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7772
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7784
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7796
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7808
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7820
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7832
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7844
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7912
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7940
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7952
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7964
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7976
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7988
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8000
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8016
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8028
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8040
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8052
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8064
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8076
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8092
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8120
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8144
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8168
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8180
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4164
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4804
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1284
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2112
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1904
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4324
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4588
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1756
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2292
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5136
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5180
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5220
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5256
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2124
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6140
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5920
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8204
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8216
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8228
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8240
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8280
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8292
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8304
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8316
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8328
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8340
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8356
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8368
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8380
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8392
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8404
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8416
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8444
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8456
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8468
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8480
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8492
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8504
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8520
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8532
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8568
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 3588
  2⤵
  - Program crash
  PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3008 -ip 3008
1⤵
PID:6384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\tazebama.dl_

Filesize
157KB

MD5
7ad28b3622198870b43e50fc9893e5b0

SHA1
a3ab1fd83de96c2ebf1138c974ea1736dd04d1fe

SHA256
21455555e3654c57c0fddd872945cba78920dd59bdc1b5845679258e05ef065a

SHA512
a029af858d33f22ad1fe00c95fdbc61c5398ebeacce4f3336bd01e34f50218e2a42d36e01abaf5b94c7278ae1e4965185b84b59ccbfa74f59e9bbab08cece5dd

Download Submit
C:\Users\tazebama.dll

Filesize
32KB

MD5
b6a03576e595afacb37ada2f1d5a0529

SHA1
d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

SHA256
1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

SHA512
181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

Download Submit
memory/116-113-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/736-554-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/744-535-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/768-264-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/864-216-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/960-235-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1052-244-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1128-118-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1128-534-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1140-240-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1152-550-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1252-553-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1292-259-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1392-266-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1408-247-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1428-256-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1444-226-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1472-332-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1512-470-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1512-260-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1592-253-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1608-217-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1628-265-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1672-558-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1748-241-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1760-261-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1804-290-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1932-559-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1960-234-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1980-551-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1996-252-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2004-557-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2096-232-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2156-324-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2180-221-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2188-248-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2252-552-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2536-255-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2552-549-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2560-228-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2560-529-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2672-237-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2688-229-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2840-531-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2840-121-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3008-110-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3008-15-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3008-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3008-104-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3008-103-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3008-108-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3040-224-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3052-238-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3132-528-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3132-27-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3160-251-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3204-555-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3420-263-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3488-225-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3560-214-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3564-288-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3660-293-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3748-556-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3792-257-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4048-233-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4056-268-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4060-267-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4104-249-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4144-245-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4168-222-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4280-230-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4540-106-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4540-533-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4648-270-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4656-218-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4724-269-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4860-243-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5004-220-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5016-530-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5028-291-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5036-532-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5260-300-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5304-302-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5904-536-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5988-537-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6000-538-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6012-539-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6024-540-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6036-541-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6048-542-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6060-543-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6072-544-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6084-545-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6096-546-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6108-547-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6120-548-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download