372c19d5c25a33973f9696d21b4911808c6ba4ebd78c4e0f282b02c52794a495

Analysis

max time kernel
96s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe
Size

440KB
MD5

d74a0e54e92e73969b8d0ceec56ba93f
SHA1

e078415f00ede9e6f46bf487e23995825bdf1aa2
SHA256

372c19d5c25a33973f9696d21b4911808c6ba4ebd78c4e0f282b02c52794a495
SHA512

90a3d78dd500676956ff4f30e9c430331645e45a19219cf9b8b43689822ab3855fd4cf4340bc1c72a821867e4231e7c5d669a623edf8300c245b6a1f3ce3bcc2
SSDEEP

12288:n99DPb14ba5BKUtS2yDOveyrNoQZwTaFOGH:nzyu5BKUt3yDKDCdGx

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2164	tazebama.dl_
1044	tazebama.dl_
2672	tazebama.dl_
412	tazebama.dl_
2136	tazebama.dl_
4476	tazebama.dl_
4912	tazebama.dl_
1352	tazebama.dl_
4116	tazebama.dl_
4784	tazebama.dl_
3372	tazebama.dl_
4520	tazebama.dl_
4152	tazebama.dl_
3648	tazebama.dl_
3564	tazebama.dl_
3632	tazebama.dl_
3644	tazebama.dl_
3536	tazebama.dl_
2960	tazebama.dl_
2232	tazebama.dl_
4656	tazebama.dl_
1728	tazebama.dl_
5096	tazebama.dl_
2852	tazebama.dl_
4692	tazebama.dl_
1444	tazebama.dl_
1572	tazebama.dl_
3464	tazebama.dl_
4212	tazebama.dl_
3552	tazebama.dl_
4672	tazebama.dl_
3484	tazebama.dl_
2740	tazebama.dl_
864	tazebama.dl_
2436	tazebama.dl_
4084	tazebama.dl_
1092	tazebama.dl_
3660	tazebama.dl_
4544	tazebama.dl_
3684	tazebama.dl_
4396	tazebama.dl_
4612	tazebama.dl_
4796	tazebama.dl_
2832	tazebama.dl_
1580	tazebama.dl_
1932	tazebama.dl_
4816	tazebama.dl_
4264	tazebama.dl_
1828	tazebama.dl_
2040	tazebama.dl_
3836	tazebama.dl_
1228	tazebama.dl_
8	tazebama.dl_
1544	tazebama.dl_
3416	tazebama.dl_
3936	tazebama.dl_
5084	tazebama.dl_
5092	tazebama.dl_
4032	tazebama.dl_
4140	tazebama.dl_
2708	tazebama.dl_
2248	tazebama.dl_
4856	tazebama.dl_
3324	tazebama.dl_

Loads dropped DLL 1 IoCs

pid	Process
2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4916	2552	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tazebama.dl_

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2164	tazebama.dl_
2164	tazebama.dl_
2672	tazebama.dl_
2672	tazebama.dl_
412	tazebama.dl_
412	tazebama.dl_
2136	tazebama.dl_
2136	tazebama.dl_
4476	tazebama.dl_
4476	tazebama.dl_
4912	tazebama.dl_
4912	tazebama.dl_
1352	tazebama.dl_
1352	tazebama.dl_
4116	tazebama.dl_
4116	tazebama.dl_
4784	tazebama.dl_
4784	tazebama.dl_
3372	tazebama.dl_
3372	tazebama.dl_
4520	tazebama.dl_
4520	tazebama.dl_
4152	tazebama.dl_
4152	tazebama.dl_
3648	tazebama.dl_
3648	tazebama.dl_
3564	tazebama.dl_
3564	tazebama.dl_
3644	tazebama.dl_
3644	tazebama.dl_
3536	tazebama.dl_
3536	tazebama.dl_
3464	tazebama.dl_
3464	tazebama.dl_
3552	tazebama.dl_
3552	tazebama.dl_
3660	tazebama.dl_
3660	tazebama.dl_
4084	tazebama.dl_
4084	tazebama.dl_
3684	tazebama.dl_
4396	tazebama.dl_
4396	tazebama.dl_
4612	tazebama.dl_
4612	tazebama.dl_
4796	tazebama.dl_
4796	tazebama.dl_
1580	tazebama.dl_
1580	tazebama.dl_
1932	tazebama.dl_
1932	tazebama.dl_
4264	tazebama.dl_
4264	tazebama.dl_
4816	tazebama.dl_
4816	tazebama.dl_
1828	tazebama.dl_
1828	tazebama.dl_
2040	tazebama.dl_
2040	tazebama.dl_
3836	tazebama.dl_
3836	tazebama.dl_
1228	tazebama.dl_
1228	tazebama.dl_
1544	tazebama.dl_

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2164	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	84
PID 2552 wrote to memory of 2164	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	84
PID 2552 wrote to memory of 2164	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	84
PID 2552 wrote to memory of 1044	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	85
PID 2552 wrote to memory of 1044	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	85
PID 2552 wrote to memory of 1044	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	85
PID 2552 wrote to memory of 2672	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	86
PID 2552 wrote to memory of 2672	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	86
PID 2552 wrote to memory of 2672	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	86
PID 2552 wrote to memory of 412	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	87
PID 2552 wrote to memory of 412	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	87
PID 2552 wrote to memory of 412	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	87
PID 2552 wrote to memory of 2136	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	88
PID 2552 wrote to memory of 2136	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	88
PID 2552 wrote to memory of 2136	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	88
PID 2552 wrote to memory of 4476	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	89
PID 2552 wrote to memory of 4476	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	89
PID 2552 wrote to memory of 4476	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	89
PID 2552 wrote to memory of 4912	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	90
PID 2552 wrote to memory of 4912	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	90
PID 2552 wrote to memory of 4912	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	90
PID 2552 wrote to memory of 1352	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	91
PID 2552 wrote to memory of 1352	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	91
PID 2552 wrote to memory of 1352	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	91
PID 2552 wrote to memory of 4116	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	92
PID 2552 wrote to memory of 4116	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	92
PID 2552 wrote to memory of 4116	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	92
PID 2552 wrote to memory of 4784	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	93
PID 2552 wrote to memory of 4784	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	93
PID 2552 wrote to memory of 4784	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	93
PID 2552 wrote to memory of 3372	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	94
PID 2552 wrote to memory of 3372	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	94
PID 2552 wrote to memory of 3372	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	94
PID 2552 wrote to memory of 4520	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	95
PID 2552 wrote to memory of 4520	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	95
PID 2552 wrote to memory of 4520	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	95
PID 2552 wrote to memory of 4152	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	96
PID 2552 wrote to memory of 4152	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	96
PID 2552 wrote to memory of 4152	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	96
PID 2552 wrote to memory of 3648	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	97
PID 2552 wrote to memory of 3648	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	97
PID 2552 wrote to memory of 3648	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	97
PID 2552 wrote to memory of 3564	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	98
PID 2552 wrote to memory of 3564	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	98
PID 2552 wrote to memory of 3564	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	98
PID 2552 wrote to memory of 3632	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	99
PID 2552 wrote to memory of 3632	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	99
PID 2552 wrote to memory of 3632	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	99
PID 2552 wrote to memory of 3644	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	100
PID 2552 wrote to memory of 3644	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	100
PID 2552 wrote to memory of 3644	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	100
PID 2552 wrote to memory of 3536	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	101
PID 2552 wrote to memory of 3536	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	101
PID 2552 wrote to memory of 3536	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	101
PID 2552 wrote to memory of 2960	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	102
PID 2552 wrote to memory of 2960	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	102
PID 2552 wrote to memory of 2960	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	102
PID 2552 wrote to memory of 2232	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	103
PID 2552 wrote to memory of 2232	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	103
PID 2552 wrote to memory of 2232	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	103
PID 2552 wrote to memory of 3936	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	104
PID 2552 wrote to memory of 3936	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	104
PID 2552 wrote to memory of 3936	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	104
PID 2552 wrote to memory of 4656	2552	d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe	105

C:\Users\Admin\AppData\Local\Temp\d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d74a0e54e92e73969b8d0ceec56ba93f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1828
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:992
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3712
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4552
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1388
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5012
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4256
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2280
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2100
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5068
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3804
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4332
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4988
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4408
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3016
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2680
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4664
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3720
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2408
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1732
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3032
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2196
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:692
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1668
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4768
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3068
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2276
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2192
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4448
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3764
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5004
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4060
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:964
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3968
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2440
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3820
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4424
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1196
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4780
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4788
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3680
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3500
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3520
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:804
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3460
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4860
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:456
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4076
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:1548
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3040
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:228
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5144
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5168
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5184
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5200
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5212
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5224
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5236
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5248
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5260
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5272
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5324
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5340
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5356
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5368
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5380
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5392
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5404
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5416
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5428
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5444
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5456
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5468
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5480
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5492
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5504
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5516
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5532
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5544
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5568
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5592
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5604
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5620
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5632
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5668
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5680
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5692
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5708
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5720
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5732
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5744
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5756
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5768
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5780
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5796
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5816
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5856
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5896
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:5960
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6000
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6028
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6060
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6072
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6084
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6120
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6136
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2872
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:2892
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:676
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6164
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6176
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6200
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6212
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6224
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6236
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6248
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6276
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6332
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6344
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6356
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6372
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6388
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6400
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6412
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6424
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6436
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6448
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6460
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6476
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6488
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6500
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6524
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6540
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6556
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6568
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6592
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6604
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6616
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6632
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6644
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6656
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6668
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6680
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6692
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6704
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6716
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6728
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6740
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6756
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6768
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6780
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6792
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6804
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6816
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6828
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6840
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6852
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6864
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6876
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6888
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6904
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6916
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6928
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6940
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6956
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6968
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6980
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:6992
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7004
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7016
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7028
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7044
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7056
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7068
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7084
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7096
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7108
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7120
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7132
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7144
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7156
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3384
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3872
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7176
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7200
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7212
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7224
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7240
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7252
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7264
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7276
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7288
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7300
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7312
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7324
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7336
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7348
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7360
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7376
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7388
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7400
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7412
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7424
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7436
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7448
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7460
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7472
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7488
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7500
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7524
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7536
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7548
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7560
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7572
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7584
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7600
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7612
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7624
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7636
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7648
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7660
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7676
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7688
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7700
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7712
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7724
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7740
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7752
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7764
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7776
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7788
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7800
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7812
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7824
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7836
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7848
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7860
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7876
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7888
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7900
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7912
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7936
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7952
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7964
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7976
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:7988
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8000
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8012
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8024
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8036
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8052
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8064
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8076
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8088
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8100
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8112
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8124
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8140
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8152
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8164
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8176
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8188
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4696
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:3148
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:368
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4924
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4100
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:4580
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8204
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8220
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8232
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8244
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8256
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8268
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8280
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8296
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8308
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8320
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8332
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8344
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8360
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8372
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8384
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8396
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8408
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8424
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8436
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8448
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8460
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8472
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8488
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8500
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8512
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8524
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8536
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8548
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8560
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8576
- C:\Documents and Settings\tazebama.dl_
  "C:\Documents and Settings\tazebama.dl_"
  2⤵
  PID:8588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 3632
  2⤵
  - Program crash
  PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2552 -ip 2552
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\tazebama.dl_

Filesize
157KB

MD5
7ad28b3622198870b43e50fc9893e5b0

SHA1
a3ab1fd83de96c2ebf1138c974ea1736dd04d1fe

SHA256
21455555e3654c57c0fddd872945cba78920dd59bdc1b5845679258e05ef065a

SHA512
a029af858d33f22ad1fe00c95fdbc61c5398ebeacce4f3336bd01e34f50218e2a42d36e01abaf5b94c7278ae1e4965185b84b59ccbfa74f59e9bbab08cece5dd

Download Submit
C:\Users\tazebama.dll

Filesize
32KB

MD5
b6a03576e595afacb37ada2f1d5a0529

SHA1
d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

SHA256
1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

SHA512
181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

Download Submit
memory/8-300-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/412-107-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/692-527-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/992-532-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1044-273-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1132-544-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1228-298-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1352-265-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1388-540-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1444-309-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1544-301-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1572-310-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1580-291-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1656-553-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1668-557-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1728-307-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1732-554-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1828-295-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1932-293-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2040-296-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2100-542-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2108-538-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2136-113-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2164-169-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2164-27-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2192-561-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2196-556-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2232-306-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2248-537-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2276-560-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2408-552-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2552-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-24-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-35-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-29-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-23-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2552-21-0x0000000000402000-0x000000000040E000-memory.dmp

Filesize
48KB

Download
memory/2672-103-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2680-549-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2708-528-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2740-282-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2832-539-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2852-275-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2892-536-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2960-304-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3016-548-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3032-555-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3068-559-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3324-531-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3372-150-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3416-302-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3464-311-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3484-281-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3536-168-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3552-278-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3564-156-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3632-271-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3648-154-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3660-285-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3684-287-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3712-533-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3720-551-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3804-535-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3836-297-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3936-303-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4032-269-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4084-283-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4116-266-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4140-530-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4152-270-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4212-277-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4212-526-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4264-294-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4332-545-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4396-288-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4408-547-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4476-262-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4520-151-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4544-286-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4552-534-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4612-289-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4656-274-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4664-550-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4672-280-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4692-276-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4768-558-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4784-148-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4796-290-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4856-529-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4912-263-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4988-546-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5012-541-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5068-543-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5084-267-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5092-268-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5096-308-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download