842c192bb3c1902f893da4f45a77aaeeda049c84055f237b113dc380c0e6e6f4

Analysis

max time kernel
299s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-12-2024 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FDR9876567000.exe
Size

833KB
MD5

c517ecc1d57af03affdd6945e1b618d8
SHA1

5c5174ebdf5902ada7c5899b6c0b98f2db363372
SHA256

9a32e0821da4466b858ecfd185f3d9bff232d8a3b44983988c248df05ef7c2ef
SHA512

355c1f39946662b0c16c6a5fa4c387aad03e1dc1c1dd74d650a784fc9e718b890a877937d8d3a26ab62a22385f03e02e6d0faa6d9e07ea3b16151c909596097a
SSDEEP

12288:5quErHF6xC9D6DmR1J98w4oknqOOCyQfY7nPIsUgzp6x0hFxZAXFbuFb7anFbq44:Mrl6kD68JmlotQfgEYpOqFxTlaVXSxz

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

ectosphere.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ectosphere.vbs	ectosphere.exe

Executes dropped EXE 64 IoCs

Processes:

ectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exe

pid	Process
2864	ectosphere.exe
2012	ectosphere.exe
2716	ectosphere.exe
2624	ectosphere.exe
1796	ectosphere.exe
2612	ectosphere.exe
3036	ectosphere.exe
1608	ectosphere.exe
2636	ectosphere.exe
2788	ectosphere.exe
2892	ectosphere.exe
624	ectosphere.exe
848	ectosphere.exe
1624	ectosphere.exe
2352	ectosphere.exe
3044	ectosphere.exe
2236	ectosphere.exe
2088	ectosphere.exe
1136	ectosphere.exe
1852	ectosphere.exe
1476	ectosphere.exe
2032	ectosphere.exe
1592	ectosphere.exe
1528	ectosphere.exe
1320	ectosphere.exe
2996	ectosphere.exe
1524	ectosphere.exe
2868	ectosphere.exe
2860	ectosphere.exe
2596	ectosphere.exe
1372	ectosphere.exe
1620	ectosphere.exe
1724	ectosphere.exe
1044	ectosphere.exe
2120	ectosphere.exe
1428	ectosphere.exe
1216	ectosphere.exe
2920	ectosphere.exe
2448	ectosphere.exe
1780	ectosphere.exe
284	ectosphere.exe
2184	ectosphere.exe
3064	ectosphere.exe
2272	ectosphere.exe
1432	ectosphere.exe
876	ectosphere.exe
1556	ectosphere.exe
1464	ectosphere.exe
1644	ectosphere.exe
3000	ectosphere.exe
1696	ectosphere.exe
2520	ectosphere.exe
1772	ectosphere.exe
2116	ectosphere.exe
1636	ectosphere.exe
3024	ectosphere.exe
2164	ectosphere.exe
2888	ectosphere.exe
1752	ectosphere.exe
2584	ectosphere.exe
2632	ectosphere.exe
2500	ectosphere.exe
3040	ectosphere.exe
1740	ectosphere.exe

Loads dropped DLL 2 IoCs

Processes:

FDR9876567000.exeectosphere.exe

pid	Process
2268	FDR9876567000.exe
2864	ectosphere.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/2716-53-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2012-43-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2012-32-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2864-31-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2268-13-0x0000000000EA0000-0x000000000106E000-memory.dmp	autoit_exe
behavioral1/memory/2624-64-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1796-74-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2612-85-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/3036-87-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/3036-97-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1608-98-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1608-108-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2636-118-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2788-119-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2788-129-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2892-140-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/624-141-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/624-151-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/848-162-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1624-173-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2352-183-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/3044-184-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/3044-194-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2236-204-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2088-205-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2088-215-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1136-225-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1852-226-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1476-237-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1852-236-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1476-247-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2032-248-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1592-259-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2032-258-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1592-269-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1528-270-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1528-280-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1320-290-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2996-291-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1524-302-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2996-301-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1524-312-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2868-313-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2868-323-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2860-334-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2596-335-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2596-345-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1372-354-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1620-355-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1620-363-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1724-372-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1044-381-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2120-382-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2120-390-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1428-398-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1216-407-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2920-408-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2920-416-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2448-425-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1780-426-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/1780-434-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/284-443-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2184-444-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe
behavioral1/memory/2184-452-0x0000000001350000-0x000000000151E000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2624-54-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/files/0x0006000000018718-51.dat	upx
behavioral1/memory/2716-53-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2012-43-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2012-32-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2864-31-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2864-29-0x0000000002BF0000-0x0000000002DBE000-memory.dmp	upx
behavioral1/memory/2864-16-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2268-13-0x0000000000EA0000-0x000000000106E000-memory.dmp	upx
behavioral1/memory/2268-0-0x0000000000EA0000-0x000000000106E000-memory.dmp	upx
behavioral1/memory/2624-64-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2612-75-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1796-74-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2612-85-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/3036-87-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/3036-97-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1608-98-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1608-108-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2636-118-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2788-119-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2788-129-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2892-130-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2892-140-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/624-141-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/624-151-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/848-152-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1624-163-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/848-162-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1624-173-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2352-183-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/3044-184-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/3044-194-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2236-204-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2088-205-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2088-215-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1136-225-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1852-226-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1476-237-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1852-236-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1476-247-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2032-248-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1592-259-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2032-258-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1592-269-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1528-270-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1528-280-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1320-290-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2996-291-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1524-302-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2996-301-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1524-312-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2868-313-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2868-323-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2860-324-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2860-334-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2596-335-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1372-346-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/2596-345-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1372-354-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1620-355-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1724-364-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1620-363-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1044-373-0x0000000001350000-0x000000000151E000-memory.dmp	upx
behavioral1/memory/1724-372-0x0000000001350000-0x000000000151E000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ectosphere.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

FDR9876567000.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exeectosphere.exe

pid	Process
2268	FDR9876567000.exe
2268	FDR9876567000.exe
2864	ectosphere.exe
2864	ectosphere.exe
2012	ectosphere.exe
2012	ectosphere.exe
2716	ectosphere.exe
2716	ectosphere.exe
2624	ectosphere.exe
2624	ectosphere.exe
1796	ectosphere.exe
1796	ectosphere.exe
2612	ectosphere.exe
2612	ectosphere.exe
3036	ectosphere.exe
3036	ectosphere.exe
1608	ectosphere.exe
1608	ectosphere.exe
2636	ectosphere.exe
2636	ectosphere.exe
2788	ectosphere.exe
2788	ectosphere.exe
2892	ectosphere.exe
2892	ectosphere.exe
624	ectosphere.exe
624	ectosphere.exe
848	ectosphere.exe
848	ectosphere.exe
1624	ectosphere.exe
1624	ectosphere.exe
2352	ectosphere.exe
2352	ectosphere.exe
3044	ectosphere.exe
3044	ectosphere.exe
2236	ectosphere.exe
2236	ectosphere.exe
2088	ectosphere.exe
2088	ectosphere.exe
1136	ectosphere.exe
1136	ectosphere.exe
1852	ectosphere.exe
1852	ectosphere.exe
1476	ectosphere.exe
1476	ectosphere.exe
2032	ectosphere.exe
2032	ectosphere.exe
1592	ectosphere.exe
1592	ectosphere.exe
1528	ectosphere.exe
1528	ectosphere.exe
1320	ectosphere.exe
1320	ectosphere.exe
2996	ectosphere.exe
2996	ectosphere.exe
1524	ectosphere.exe
1524	ectosphere.exe
2868	ectosphere.exe
2868	ectosphere.exe
2860	ectosphere.exe
2860	ectosphere.exe
2596	ectosphere.exe
2596	ectosphere.exe
1372	ectosphere.exe
1372	ectosphere.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

pid	Process
2268	FDR9876567000.exe
2268	FDR9876567000.exe
2864	ectosphere.exe
2864	ectosphere.exe
2012	ectosphere.exe
2012	ectosphere.exe
2716	ectosphere.exe
2716	ectosphere.exe
2624	ectosphere.exe
2624	ectosphere.exe
1796	ectosphere.exe
1796	ectosphere.exe
2612	ectosphere.exe
2612	ectosphere.exe
3036	ectosphere.exe
3036	ectosphere.exe
1608	ectosphere.exe
1608	ectosphere.exe
2636	ectosphere.exe
2636	ectosphere.exe
2788	ectosphere.exe
2788	ectosphere.exe
2892	ectosphere.exe
2892	ectosphere.exe
624	ectosphere.exe
624	ectosphere.exe
848	ectosphere.exe
848	ectosphere.exe
1624	ectosphere.exe
1624	ectosphere.exe
2352	ectosphere.exe
2352	ectosphere.exe
3044	ectosphere.exe
3044	ectosphere.exe
2236	ectosphere.exe
2236	ectosphere.exe
2088	ectosphere.exe
2088	ectosphere.exe
1136	ectosphere.exe
1136	ectosphere.exe
1852	ectosphere.exe
1852	ectosphere.exe
1476	ectosphere.exe
1476	ectosphere.exe
2032	ectosphere.exe
2032	ectosphere.exe
1592	ectosphere.exe
1592	ectosphere.exe
1528	ectosphere.exe
1528	ectosphere.exe
1320	ectosphere.exe
1320	ectosphere.exe
2996	ectosphere.exe
2996	ectosphere.exe
1524	ectosphere.exe
1524	ectosphere.exe
2868	ectosphere.exe
2868	ectosphere.exe
2860	ectosphere.exe
2860	ectosphere.exe
2596	ectosphere.exe
2596	ectosphere.exe
1372	ectosphere.exe
1372	ectosphere.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	Process	procid_target
PID 2268 wrote to memory of 2864	2268	FDR9876567000.exe	30
PID 2268 wrote to memory of 2864	2268	FDR9876567000.exe	30
PID 2268 wrote to memory of 2864	2268	FDR9876567000.exe	30
PID 2268 wrote to memory of 2864	2268	FDR9876567000.exe	30
PID 2864 wrote to memory of 2012	2864	ectosphere.exe	31
PID 2864 wrote to memory of 2012	2864	ectosphere.exe	31
PID 2864 wrote to memory of 2012	2864	ectosphere.exe	31
PID 2864 wrote to memory of 2012	2864	ectosphere.exe	31
PID 2012 wrote to memory of 2716	2012	ectosphere.exe	32
PID 2012 wrote to memory of 2716	2012	ectosphere.exe	32
PID 2012 wrote to memory of 2716	2012	ectosphere.exe	32
PID 2012 wrote to memory of 2716	2012	ectosphere.exe	32
PID 2716 wrote to memory of 2624	2716	ectosphere.exe	33
PID 2716 wrote to memory of 2624	2716	ectosphere.exe	33
PID 2716 wrote to memory of 2624	2716	ectosphere.exe	33
PID 2716 wrote to memory of 2624	2716	ectosphere.exe	33
PID 2624 wrote to memory of 1796	2624	ectosphere.exe	34
PID 2624 wrote to memory of 1796	2624	ectosphere.exe	34
PID 2624 wrote to memory of 1796	2624	ectosphere.exe	34
PID 2624 wrote to memory of 1796	2624	ectosphere.exe	34
PID 1796 wrote to memory of 2612	1796	ectosphere.exe	35
PID 1796 wrote to memory of 2612	1796	ectosphere.exe	35
PID 1796 wrote to memory of 2612	1796	ectosphere.exe	35
PID 1796 wrote to memory of 2612	1796	ectosphere.exe	35
PID 2612 wrote to memory of 3036	2612	ectosphere.exe	36
PID 2612 wrote to memory of 3036	2612	ectosphere.exe	36
PID 2612 wrote to memory of 3036	2612	ectosphere.exe	36
PID 2612 wrote to memory of 3036	2612	ectosphere.exe	36
PID 3036 wrote to memory of 1608	3036	ectosphere.exe	37
PID 3036 wrote to memory of 1608	3036	ectosphere.exe	37
PID 3036 wrote to memory of 1608	3036	ectosphere.exe	37
PID 3036 wrote to memory of 1608	3036	ectosphere.exe	37
PID 1608 wrote to memory of 2636	1608	ectosphere.exe	38
PID 1608 wrote to memory of 2636	1608	ectosphere.exe	38
PID 1608 wrote to memory of 2636	1608	ectosphere.exe	38
PID 1608 wrote to memory of 2636	1608	ectosphere.exe	38
PID 2636 wrote to memory of 2788	2636	ectosphere.exe	39
PID 2636 wrote to memory of 2788	2636	ectosphere.exe	39
PID 2636 wrote to memory of 2788	2636	ectosphere.exe	39
PID 2636 wrote to memory of 2788	2636	ectosphere.exe	39
PID 2788 wrote to memory of 2892	2788	ectosphere.exe	40
PID 2788 wrote to memory of 2892	2788	ectosphere.exe	40
PID 2788 wrote to memory of 2892	2788	ectosphere.exe	40
PID 2788 wrote to memory of 2892	2788	ectosphere.exe	40
PID 2892 wrote to memory of 624	2892	ectosphere.exe	41
PID 2892 wrote to memory of 624	2892	ectosphere.exe	41
PID 2892 wrote to memory of 624	2892	ectosphere.exe	41
PID 2892 wrote to memory of 624	2892	ectosphere.exe	41
PID 624 wrote to memory of 848	624	ectosphere.exe	42
PID 624 wrote to memory of 848	624	ectosphere.exe	42
PID 624 wrote to memory of 848	624	ectosphere.exe	42
PID 624 wrote to memory of 848	624	ectosphere.exe	42
PID 848 wrote to memory of 1624	848	ectosphere.exe	43
PID 848 wrote to memory of 1624	848	ectosphere.exe	43
PID 848 wrote to memory of 1624	848	ectosphere.exe	43
PID 848 wrote to memory of 1624	848	ectosphere.exe	43
PID 1624 wrote to memory of 2352	1624	ectosphere.exe	44
PID 1624 wrote to memory of 2352	1624	ectosphere.exe	44
PID 1624 wrote to memory of 2352	1624	ectosphere.exe	44
PID 1624 wrote to memory of 2352	1624	ectosphere.exe	44
PID 2352 wrote to memory of 3044	2352	ectosphere.exe	45
PID 2352 wrote to memory of 3044	2352	ectosphere.exe	45
PID 2352 wrote to memory of 3044	2352	ectosphere.exe	45
PID 2352 wrote to memory of 3044	2352	ectosphere.exe	45

C:\Users\Admin\AppData\Local\Temp\FDR9876567000.exe
"C:\Users\Admin\AppData\Local\Temp\FDR9876567000.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\snails\ectosphere.exe
  "C:\Users\Admin\AppData\Local\Temp\FDR9876567000.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\snails\ectosphere.exe
    "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\snails\ectosphere.exe
      "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2624
      - C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:624
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:848
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        34⤵
        Executes dropped EXE
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        35⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        36⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        37⤵
        Executes dropped EXE
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        39⤵
        Executes dropped EXE
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        40⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        41⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        42⤵
        Executes dropped EXE
        
        PID:284
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        43⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        44⤵
        Executes dropped EXE
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        45⤵
        Executes dropped EXE
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        46⤵
        Executes dropped EXE
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        48⤵
        Executes dropped EXE
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        49⤵
        Executes dropped EXE
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        50⤵
        Executes dropped EXE
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        51⤵
        Executes dropped EXE
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        53⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        54⤵
        Executes dropped EXE
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        55⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        57⤵
        Executes dropped EXE
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        58⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        59⤵
        Executes dropped EXE
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        60⤵
        Executes dropped EXE
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        61⤵
        Executes dropped EXE
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        62⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        63⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        64⤵
        Executes dropped EXE
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        65⤵
        Executes dropped EXE
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        66⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        68⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        69⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        70⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        72⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        75⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        76⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        77⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        78⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        79⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        80⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        81⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        82⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        83⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        84⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        85⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        86⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        88⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        89⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        90⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        91⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        92⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        93⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        94⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        95⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        96⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        97⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        99⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        102⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        103⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        104⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        105⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        106⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        107⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        108⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        109⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        110⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        111⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        112⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        113⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        114⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        115⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        116⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        117⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        118⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        119⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        121⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        122⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        123⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        124⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        125⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        126⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        127⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        128⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        129⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        130⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        131⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        132⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        133⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        134⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        135⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        136⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        138⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        139⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        140⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        141⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        142⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        143⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        144⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:592
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        146⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        147⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        148⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        149⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        150⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        151⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        152⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        154⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        155⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        156⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        157⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        158⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        159⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        160⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        161⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        162⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        163⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        164⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        165⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        166⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        167⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        168⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        169⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        170⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        171⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        172⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        173⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        174⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        175⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        176⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        177⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        178⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        179⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        180⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        181⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        182⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        183⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        184⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        185⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        187⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        188⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        189⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        190⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        192⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        193⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        195⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        196⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        197⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        198⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        199⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        200⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        201⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        202⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        203⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        204⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        205⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        206⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        207⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        208⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        209⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        210⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        211⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        212⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        213⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        214⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        216⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        217⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        218⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        220⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        221⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        222⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        223⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        224⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        225⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        226⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        227⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        228⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        229⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        230⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        231⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        232⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        233⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        234⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        235⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        236⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        237⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        238⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        239⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        240⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        241⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        242⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        243⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        244⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        245⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        246⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        247⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        248⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        249⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        250⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        251⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        252⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        253⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        254⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        255⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        256⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        257⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        258⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        259⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        260⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        261⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        262⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        263⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        264⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        265⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        266⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        267⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        268⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        269⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        270⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        271⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        272⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        273⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        274⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        275⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        276⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        277⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        278⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        279⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        280⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        281⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        282⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        283⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        284⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        285⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        286⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        287⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        288⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        289⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        290⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        291⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        292⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        293⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        294⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        295⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        296⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        297⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        298⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        299⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        300⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        301⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        302⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        303⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        304⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        305⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        306⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        307⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        308⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        309⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        310⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        311⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        312⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        313⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        314⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        315⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        316⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        317⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        318⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        319⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        320⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        321⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        322⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        323⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        324⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        325⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        326⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        327⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        328⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        329⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        330⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        331⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        332⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        333⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        334⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        335⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        336⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        337⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        338⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        339⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        340⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        341⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        342⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        343⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        344⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        345⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        346⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        347⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        348⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        349⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        350⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        351⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        352⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        353⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        354⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        355⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        356⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        357⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        358⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        359⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        360⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        361⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        362⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        363⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        364⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        365⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        366⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        367⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        368⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        369⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        370⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        371⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        372⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        373⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        374⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        375⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        376⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        377⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        378⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        379⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        380⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        381⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        382⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        383⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        384⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        385⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        386⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        387⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        388⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        389⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        390⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        391⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        392⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        393⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        394⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        395⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        396⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        397⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        398⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        399⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        400⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        401⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        402⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        403⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        404⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        405⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        406⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        407⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        408⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        409⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        410⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        411⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        412⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        413⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        414⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        415⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        416⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        417⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        418⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        419⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        420⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        421⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        422⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        423⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        424⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        425⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        426⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        427⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        428⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        429⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        430⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        431⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        432⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        433⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        434⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        435⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        436⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        437⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        438⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        439⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        440⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        441⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        442⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        443⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        444⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        445⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        446⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        447⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        448⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        449⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        450⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        451⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        452⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        453⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        454⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        455⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        456⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        457⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        458⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        459⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        460⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        461⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        462⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        463⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        464⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        465⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        466⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        467⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        468⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        469⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        470⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        471⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        472⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        473⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        474⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        475⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        476⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        477⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        478⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        479⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        480⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        481⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        482⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        483⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        484⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        485⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        486⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        487⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        488⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        489⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        490⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        491⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        492⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        493⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        494⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        495⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        496⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        497⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        498⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        499⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        500⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        501⤵
        System Location Discovery: System Language Discovery
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        502⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        503⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        504⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        505⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        506⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        507⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        508⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        509⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        510⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        511⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        512⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\snails\ectosphere.exe
        
        "C:\Users\Admin\AppData\Local\snails\ectosphere.exe"
        513⤵
        System Location Discovery: System Language Discovery
        
        PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Hezron

Filesize
481KB

MD5
160d0cde45bf6a648bc8f7b0a0c4d9a4

SHA1
c25b4bea398c86ae95fd60d8e99c3fc685faec9b

SHA256
f1d0aa672e703eb40cf1bba7462e83ea61d6091a9336f2d81f19a17a3e3ec281

SHA512
801d1a92b00cb52dd89b7d884b5b88c452843acbac5f79408215cca82fb7cb9b10ab3179710e2cdfcfedd0bf94a39d158b298a64ae656324a3455da524c5c3fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hezron

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut2701.tmp

Filesize
397KB

MD5
f5d85272c3f005a8068f0d6032b150a5

SHA1
75afdb8ed0cced702f03f514228fa2609a53c0eb

SHA256
b0457a191914cf3cf2ca7a39c46035cbb765576e61470aaf511e60b1a7b3059e

SHA512
f04fea99a9c2618c92f5b72328655a2c22eaf224602316af001ee24d472f301ec28ed970e1b34508a33436fe211592b13c52600c410c0987266afb4d1bf9b4c6

Download Submit
C:\Users\Admin\AppData\Local\snails\ectosphere.exe

Filesize
833KB

MD5
c517ecc1d57af03affdd6945e1b618d8

SHA1
5c5174ebdf5902ada7c5899b6c0b98f2db363372

SHA256
9a32e0821da4466b858ecfd185f3d9bff232d8a3b44983988c248df05ef7c2ef

SHA512
355c1f39946662b0c16c6a5fa4c387aad03e1dc1c1dd74d650a784fc9e718b890a877937d8d3a26ab62a22385f03e02e6d0faa6d9e07ea3b16151c909596097a

Download Submit
memory/284-435-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/284-443-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/624-151-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/624-141-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/848-162-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/848-152-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/876-479-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/876-486-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1044-381-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1044-373-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1136-225-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1216-399-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1216-407-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1320-290-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1372-354-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1372-346-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1428-478-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1428-398-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1428-391-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1432-477-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1464-496-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1464-504-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1476-237-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1476-247-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1524-302-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1524-312-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1528-270-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1528-280-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1556-495-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1556-487-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1592-269-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1592-259-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1608-108-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1608-98-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1620-355-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1620-363-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1624-173-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1624-163-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1636-559-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1644-513-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1644-505-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1724-372-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1724-364-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1752-587-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1772-545-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1780-426-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1780-434-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1796-74-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1852-236-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/1852-226-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2012-40-0x0000000000AF0000-0x0000000000EF0000-memory.dmp

Filesize
4.0MB

Download
memory/2012-43-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2012-32-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2032-258-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2032-248-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2088-215-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2088-205-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2116-552-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2120-390-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2120-382-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2164-573-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2184-444-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2184-452-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2236-204-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2268-13-0x0000000000EA0000-0x000000000106E000-memory.dmp

Filesize
1.8MB

Download
memory/2268-0-0x0000000000EA0000-0x000000000106E000-memory.dmp

Filesize
1.8MB

Download
memory/2268-14-0x0000000002AC0000-0x0000000002C8E000-memory.dmp

Filesize
1.8MB

Download
memory/2268-86-0x0000000002AC0000-0x0000000002C8E000-memory.dmp

Filesize
1.8MB

Download
memory/2268-7-0x0000000000620000-0x0000000000A20000-memory.dmp

Filesize
4.0MB

Download
memory/2272-469-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2272-462-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2352-183-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2448-417-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2448-425-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2500-608-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2584-594-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2596-335-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2596-345-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2612-75-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2612-85-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2624-64-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2624-54-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2632-601-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2636-118-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2716-53-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2788-129-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2788-119-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2860-334-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2860-324-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2864-31-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2864-29-0x0000000002BF0000-0x0000000002DBE000-memory.dmp

Filesize
1.8MB

Download
memory/2864-25-0x00000000006D0000-0x0000000000AD0000-memory.dmp

Filesize
4.0MB

Download
memory/2864-16-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2868-323-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2868-313-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2888-580-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2892-140-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2892-130-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2920-408-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2920-416-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2996-301-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/2996-291-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3024-566-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3036-97-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3036-87-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3040-615-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3044-194-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3044-184-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3064-461-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download
memory/3064-453-0x0000000001350000-0x000000000151E000-memory.dmp

Filesize
1.8MB

Download