49e8a1f12fb5202470604efe01c0d60949d20d302a76aed85b2a049e91266366

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

z49FACTURA-0987678.exe
Size

854KB
MD5

876f47f33c5975497c15bf24d50952b5
SHA1

a47579ea0e5d47ceb89cbb3450f4c482768a0bf8
SHA256

49e8a1f12fb5202470604efe01c0d60949d20d302a76aed85b2a049e91266366
SHA512

7346f82c0c7065d2de4ec5d5747235ce0ada6e799e6cf461a57ce15969ccd0bf92bf7d5efb2e5b57ad4be0defd3a716bdb6a8c609e0abbe0fb3832f5cfbfd6c3
SSDEEP

24576:Zrl6kD68JmlotQf0hwmcZIR5MRsJOjOZW89S+7Ed7b:1l328U2yf0CmOeMRsnZW8o/h

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

Processes:

turbinals.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\turbinals.vbs	turbinals.exe

Executes dropped EXE 64 IoCs

Processes:

turbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exe

pid	Process
2688	turbinals.exe
2556	turbinals.exe
2820	turbinals.exe
2604	turbinals.exe
1488	turbinals.exe
3036	turbinals.exe
2884	turbinals.exe
1624	turbinals.exe
1956	turbinals.exe
2608	turbinals.exe
868	turbinals.exe
1468	turbinals.exe
760	turbinals.exe
1952	turbinals.exe
2768	turbinals.exe
2532	turbinals.exe
304	turbinals.exe
1920	turbinals.exe
1832	turbinals.exe
1320	turbinals.exe
2356	turbinals.exe
2644	turbinals.exe
692	turbinals.exe
1052	turbinals.exe
2444	turbinals.exe
2472	turbinals.exe
2996	turbinals.exe
1596	turbinals.exe
2748	turbinals.exe
2780	turbinals.exe
892	turbinals.exe
2596	turbinals.exe
2668	turbinals.exe
2552	turbinals.exe
2904	turbinals.exe
636	turbinals.exe
1816	turbinals.exe
1720	turbinals.exe
776	turbinals.exe
1908	turbinals.exe
1356	turbinals.exe
1424	turbinals.exe
2408	turbinals.exe
2968	turbinals.exe
2388	turbinals.exe
2368	turbinals.exe
1044	turbinals.exe
1736	turbinals.exe
2488	turbinals.exe
1696	turbinals.exe
1824	turbinals.exe
2004	turbinals.exe
1084	turbinals.exe
1188	turbinals.exe
2236	turbinals.exe
2164	turbinals.exe
2440	turbinals.exe
2760	turbinals.exe
2784	turbinals.exe
2708	turbinals.exe
2764	turbinals.exe
2548	turbinals.exe
3028	turbinals.exe
2888	turbinals.exe

Loads dropped DLL 1 IoCs

Processes:

z49FACTURA-0987678.exe

pid	Process
2848	z49FACTURA-0987678.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/2848-13-0x0000000000900000-0x0000000000AD8000-memory.dmp	autoit_exe
behavioral1/memory/2688-24-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2688-28-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2556-29-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2556-37-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2556-40-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2820-41-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2820-51-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2604-62-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1488-72-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/3036-83-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2884-85-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2884-94-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1624-104-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1956-105-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1956-115-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2608-116-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2608-126-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/868-137-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1468-148-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/760-158-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1952-169-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2768-179-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2532-190-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/304-200-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1920-211-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1832-221-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1320-222-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1320-232-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2356-242-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2644-243-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2644-253-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/692-263-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1052-274-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2444-285-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2472-296-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2996-307-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1596-308-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2748-319-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1596-318-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2748-329-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2780-330-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2780-340-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/892-349-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2596-350-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2596-358-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2668-366-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2552-367-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2552-375-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2904-383-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/636-384-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/636-392-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1816-400-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1720-401-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1720-409-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/776-417-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1908-418-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1356-427-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1908-426-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1356-435-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/1424-442-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2408-450-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2388-460-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe
behavioral1/memory/2968-459-0x00000000009D0000-0x0000000000BA8000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2848-0-0x0000000000900000-0x0000000000AD8000-memory.dmp	upx
behavioral1/files/0x0008000000016dc9-9.dat	upx
behavioral1/memory/2688-15-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2848-13-0x0000000000900000-0x0000000000AD8000-memory.dmp	upx
behavioral1/memory/2688-24-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2688-28-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2556-29-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2556-37-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2556-40-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2820-41-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2604-52-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2820-51-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2604-62-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/3036-73-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1488-72-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/3036-83-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2884-85-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2884-94-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1624-104-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1956-105-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1956-115-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2608-116-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/868-127-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2608-126-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1468-138-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/868-137-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1468-148-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1952-159-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/760-158-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1952-169-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2532-180-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2768-179-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2532-190-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1920-201-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/304-200-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1920-211-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1832-221-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1320-222-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1320-232-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2356-242-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2644-243-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2644-253-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1052-264-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/692-263-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1052-274-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2444-275-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2472-286-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2444-285-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2996-297-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2472-296-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2996-307-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1596-308-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2748-319-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/1596-318-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2748-329-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2780-330-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2780-340-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/892-349-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2596-350-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2596-358-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2668-366-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2552-367-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2552-375-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx
behavioral1/memory/2904-383-0x00000000009D0000-0x0000000000BA8000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	turbinals.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

z49FACTURA-0987678.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exeturbinals.exe

pid	Process
2848	z49FACTURA-0987678.exe
2848	z49FACTURA-0987678.exe
2688	turbinals.exe
2688	turbinals.exe
2556	turbinals.exe
2556	turbinals.exe
2820	turbinals.exe
2820	turbinals.exe
2604	turbinals.exe
2604	turbinals.exe
1488	turbinals.exe
1488	turbinals.exe
3036	turbinals.exe
3036	turbinals.exe
2884	turbinals.exe
2884	turbinals.exe
1624	turbinals.exe
1624	turbinals.exe
1956	turbinals.exe
1956	turbinals.exe
2608	turbinals.exe
2608	turbinals.exe
868	turbinals.exe
868	turbinals.exe
1468	turbinals.exe
1468	turbinals.exe
760	turbinals.exe
760	turbinals.exe
1952	turbinals.exe
1952	turbinals.exe
2768	turbinals.exe
2768	turbinals.exe
2532	turbinals.exe
2532	turbinals.exe
304	turbinals.exe
304	turbinals.exe
1920	turbinals.exe
1920	turbinals.exe
1832	turbinals.exe
1832	turbinals.exe
1320	turbinals.exe
1320	turbinals.exe
2356	turbinals.exe
2356	turbinals.exe
2644	turbinals.exe
2644	turbinals.exe
692	turbinals.exe
692	turbinals.exe
1052	turbinals.exe
1052	turbinals.exe
2444	turbinals.exe
2444	turbinals.exe
2472	turbinals.exe
2472	turbinals.exe
2996	turbinals.exe
2996	turbinals.exe
1596	turbinals.exe
1596	turbinals.exe
2748	turbinals.exe
2748	turbinals.exe
2780	turbinals.exe
2780	turbinals.exe
892	turbinals.exe
892	turbinals.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

pid	Process
2848	z49FACTURA-0987678.exe
2848	z49FACTURA-0987678.exe
2688	turbinals.exe
2688	turbinals.exe
2556	turbinals.exe
2556	turbinals.exe
2820	turbinals.exe
2820	turbinals.exe
2604	turbinals.exe
2604	turbinals.exe
1488	turbinals.exe
1488	turbinals.exe
3036	turbinals.exe
3036	turbinals.exe
2884	turbinals.exe
2884	turbinals.exe
1624	turbinals.exe
1624	turbinals.exe
1956	turbinals.exe
1956	turbinals.exe
2608	turbinals.exe
2608	turbinals.exe
868	turbinals.exe
868	turbinals.exe
1468	turbinals.exe
1468	turbinals.exe
760	turbinals.exe
760	turbinals.exe
1952	turbinals.exe
1952	turbinals.exe
2768	turbinals.exe
2768	turbinals.exe
2532	turbinals.exe
2532	turbinals.exe
304	turbinals.exe
304	turbinals.exe
1920	turbinals.exe
1920	turbinals.exe
1832	turbinals.exe
1832	turbinals.exe
1320	turbinals.exe
1320	turbinals.exe
2356	turbinals.exe
2356	turbinals.exe
2644	turbinals.exe
2644	turbinals.exe
692	turbinals.exe
692	turbinals.exe
1052	turbinals.exe
1052	turbinals.exe
2444	turbinals.exe
2444	turbinals.exe
2472	turbinals.exe
2472	turbinals.exe
2996	turbinals.exe
2996	turbinals.exe
1596	turbinals.exe
1596	turbinals.exe
2748	turbinals.exe
2748	turbinals.exe
2780	turbinals.exe
2780	turbinals.exe
892	turbinals.exe
892	turbinals.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	Process	procid_target
PID 2848 wrote to memory of 2688	2848	z49FACTURA-0987678.exe	31
PID 2848 wrote to memory of 2688	2848	z49FACTURA-0987678.exe	31
PID 2848 wrote to memory of 2688	2848	z49FACTURA-0987678.exe	31
PID 2848 wrote to memory of 2688	2848	z49FACTURA-0987678.exe	31
PID 2688 wrote to memory of 2556	2688	turbinals.exe	32
PID 2688 wrote to memory of 2556	2688	turbinals.exe	32
PID 2688 wrote to memory of 2556	2688	turbinals.exe	32
PID 2688 wrote to memory of 2556	2688	turbinals.exe	32
PID 2556 wrote to memory of 2820	2556	turbinals.exe	33
PID 2556 wrote to memory of 2820	2556	turbinals.exe	33
PID 2556 wrote to memory of 2820	2556	turbinals.exe	33
PID 2556 wrote to memory of 2820	2556	turbinals.exe	33
PID 2820 wrote to memory of 2604	2820	turbinals.exe	34
PID 2820 wrote to memory of 2604	2820	turbinals.exe	34
PID 2820 wrote to memory of 2604	2820	turbinals.exe	34
PID 2820 wrote to memory of 2604	2820	turbinals.exe	34
PID 2604 wrote to memory of 1488	2604	turbinals.exe	35
PID 2604 wrote to memory of 1488	2604	turbinals.exe	35
PID 2604 wrote to memory of 1488	2604	turbinals.exe	35
PID 2604 wrote to memory of 1488	2604	turbinals.exe	35
PID 1488 wrote to memory of 3036	1488	turbinals.exe	36
PID 1488 wrote to memory of 3036	1488	turbinals.exe	36
PID 1488 wrote to memory of 3036	1488	turbinals.exe	36
PID 1488 wrote to memory of 3036	1488	turbinals.exe	36
PID 3036 wrote to memory of 2884	3036	turbinals.exe	37
PID 3036 wrote to memory of 2884	3036	turbinals.exe	37
PID 3036 wrote to memory of 2884	3036	turbinals.exe	37
PID 3036 wrote to memory of 2884	3036	turbinals.exe	37
PID 2884 wrote to memory of 1624	2884	turbinals.exe	38
PID 2884 wrote to memory of 1624	2884	turbinals.exe	38
PID 2884 wrote to memory of 1624	2884	turbinals.exe	38
PID 2884 wrote to memory of 1624	2884	turbinals.exe	38
PID 1624 wrote to memory of 1956	1624	turbinals.exe	39
PID 1624 wrote to memory of 1956	1624	turbinals.exe	39
PID 1624 wrote to memory of 1956	1624	turbinals.exe	39
PID 1624 wrote to memory of 1956	1624	turbinals.exe	39
PID 1956 wrote to memory of 2608	1956	turbinals.exe	40
PID 1956 wrote to memory of 2608	1956	turbinals.exe	40
PID 1956 wrote to memory of 2608	1956	turbinals.exe	40
PID 1956 wrote to memory of 2608	1956	turbinals.exe	40
PID 2608 wrote to memory of 868	2608	turbinals.exe	41
PID 2608 wrote to memory of 868	2608	turbinals.exe	41
PID 2608 wrote to memory of 868	2608	turbinals.exe	41
PID 2608 wrote to memory of 868	2608	turbinals.exe	41
PID 868 wrote to memory of 1468	868	turbinals.exe	42
PID 868 wrote to memory of 1468	868	turbinals.exe	42
PID 868 wrote to memory of 1468	868	turbinals.exe	42
PID 868 wrote to memory of 1468	868	turbinals.exe	42
PID 1468 wrote to memory of 760	1468	turbinals.exe	43
PID 1468 wrote to memory of 760	1468	turbinals.exe	43
PID 1468 wrote to memory of 760	1468	turbinals.exe	43
PID 1468 wrote to memory of 760	1468	turbinals.exe	43
PID 760 wrote to memory of 1952	760	turbinals.exe	44
PID 760 wrote to memory of 1952	760	turbinals.exe	44
PID 760 wrote to memory of 1952	760	turbinals.exe	44
PID 760 wrote to memory of 1952	760	turbinals.exe	44
PID 1952 wrote to memory of 2768	1952	turbinals.exe	45
PID 1952 wrote to memory of 2768	1952	turbinals.exe	45
PID 1952 wrote to memory of 2768	1952	turbinals.exe	45
PID 1952 wrote to memory of 2768	1952	turbinals.exe	45
PID 2768 wrote to memory of 2532	2768	turbinals.exe	46
PID 2768 wrote to memory of 2532	2768	turbinals.exe	46
PID 2768 wrote to memory of 2532	2768	turbinals.exe	46
PID 2768 wrote to memory of 2532	2768	turbinals.exe	46

C:\Users\Admin\AppData\Local\Temp\z49FACTURA-0987678.exe
"C:\Users\Admin\AppData\Local\Temp\z49FACTURA-0987678.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
  "C:\Users\Admin\AppData\Local\Temp\z49FACTURA-0987678.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
    "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
      "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2820
    - - C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2604
      - C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:868
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:760
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:304
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:692
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:892
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        33⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        34⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        36⤵
        Executes dropped EXE
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        37⤵
        Executes dropped EXE
        
        PID:636
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        38⤵
        Executes dropped EXE
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        40⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        42⤵
        Executes dropped EXE
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        43⤵
        Executes dropped EXE
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        44⤵
        Executes dropped EXE
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        45⤵
        Executes dropped EXE
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        46⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        48⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        49⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        50⤵
        Executes dropped EXE
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        51⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        52⤵
        Executes dropped EXE
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        53⤵
        Executes dropped EXE
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        54⤵
        Executes dropped EXE
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        55⤵
        Executes dropped EXE
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        56⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        57⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        58⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        60⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        62⤵
        Executes dropped EXE
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        63⤵
        Executes dropped EXE
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        64⤵
        Executes dropped EXE
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        65⤵
        Executes dropped EXE
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        67⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        68⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        69⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        70⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        71⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        72⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        73⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        74⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        75⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        76⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        77⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:944
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        79⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        80⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        81⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        82⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:764
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        85⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        87⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        91⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        92⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        93⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        94⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        95⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        96⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        97⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        98⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        99⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        100⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        101⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        102⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        103⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        104⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        105⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        106⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:988
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        108⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        109⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        111⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        114⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        115⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        119⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        122⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        123⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        124⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        125⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        126⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        127⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        128⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        130⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        131⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        132⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        133⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        134⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        136⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        138⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        139⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        140⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        141⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        142⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        143⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        144⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        145⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        146⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        147⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        148⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        149⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        150⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:372
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        152⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        155⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        156⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        157⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        158⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:612
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        161⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        163⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        165⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        167⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        168⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        169⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        170⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        171⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        174⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        175⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        176⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        177⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        178⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        179⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        180⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        181⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        182⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        183⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        185⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:836
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        187⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        188⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        189⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        190⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        191⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        192⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        193⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        194⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        195⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        196⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        197⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        198⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        199⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        200⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        201⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        202⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        203⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        204⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        205⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        206⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        207⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        209⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        210⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        211⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        212⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        213⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        214⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        215⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        217⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        218⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        219⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        220⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        222⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        223⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        224⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        225⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        226⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        227⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        228⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        229⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        230⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        231⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        232⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        233⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        234⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        235⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        236⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        237⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        238⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        239⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        240⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        241⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        242⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        243⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        244⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        245⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        246⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        247⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe
        
        "C:\Users\Admin\AppData\Local\acceptancy\turbinals.exe"
        248⤵
        System Location Discovery: System Language Discovery
        
        PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autF316.tmp

Filesize
413KB

MD5
fbbab074ea1bc72a76e7e17d4546f64a

SHA1
b7e164e3bd18c016f162808550b250eddc9ccd46

SHA256
64addcbf4c12af13cc30a75208952ab12b2a66ccec42dd6d65297bd067733e54

SHA512
d4c3dcd1ddcb9d5ba519f71c49a4f63d72554930174f0c727a7f6d6cfa6e50ed3142db7c84f666646ff45914a6a46f1a545577dffac6ad405bbdb206c41b8483

Download Submit
C:\Users\Admin\AppData\Local\Temp\nonhazardousness

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nonhazardousness

Filesize
481KB

MD5
1d91eeebb3b92b76f541713ef2bfd0ee

SHA1
05a109daafce3d39d6fb3b9e747614a1531f2890

SHA256
206627c14f57b9b6ce47b972da9538c1fc4e941626b803abe5c852e54f309795

SHA512
c55bc96b3de8722e89217116a8b6959857c1beb822bd95284789513b5ff88ca6ef4124156f7d212488249083505268cf68ce59da729dd3b7378b030c89e98489

Download Submit
\Users\Admin\AppData\Local\acceptancy\turbinals.exe

Filesize
854KB

MD5
876f47f33c5975497c15bf24d50952b5

SHA1
a47579ea0e5d47ceb89cbb3450f4c482768a0bf8

SHA256
49e8a1f12fb5202470604efe01c0d60949d20d302a76aed85b2a049e91266366

SHA512
7346f82c0c7065d2de4ec5d5747235ce0ada6e799e6cf461a57ce15969ccd0bf92bf7d5efb2e5b57ad4be0defd3a716bdb6a8c609e0abbe0fb3832f5cfbfd6c3

Download Submit
memory/304-200-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/636-392-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/636-384-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/692-263-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/760-158-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/776-417-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/868-127-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/868-137-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/892-349-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1044-486-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1044-478-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1052-274-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1052-264-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1084-537-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1188-544-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1320-232-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1320-222-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1356-427-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1356-435-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1424-442-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1468-148-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1468-138-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1488-72-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1596-308-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1596-318-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1624-104-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1696-513-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1696-505-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1720-409-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1720-401-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1736-495-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1736-487-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1816-400-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1824-522-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1824-514-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1832-221-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1908-418-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1908-426-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1920-211-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1920-201-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1952-169-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1952-159-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1956-105-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/1956-115-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2004-530-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2164-558-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2236-551-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2356-242-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2368-477-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2368-469-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2388-468-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2388-460-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2408-450-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2440-565-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2444-275-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2444-285-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2472-286-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2472-296-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2488-504-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2488-496-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2532-180-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2532-190-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2548-600-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2552-367-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2552-375-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2556-40-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2556-29-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2556-37-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2596-358-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2596-350-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2604-62-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2604-52-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2608-116-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2608-126-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2644-253-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2644-243-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2668-366-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2688-28-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2688-24-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2688-15-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2708-586-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2748-329-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2748-319-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2760-572-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2764-593-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2768-179-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2780-330-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2780-340-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2784-579-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2820-51-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2820-41-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2848-13-0x0000000000900000-0x0000000000AD8000-memory.dmp

Filesize
1.8MB

Download
memory/2848-0-0x0000000000900000-0x0000000000AD8000-memory.dmp

Filesize
1.8MB

Download
memory/2848-7-0x0000000000B10000-0x0000000000F10000-memory.dmp

Filesize
4.0MB

Download
memory/2848-84-0x0000000000B10000-0x0000000000F10000-memory.dmp

Filesize
4.0MB

Download
memory/2884-85-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2884-94-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2904-383-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2968-459-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2968-451-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2996-297-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/2996-307-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/3028-607-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/3036-73-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download
memory/3036-83-0x00000000009D0000-0x0000000000BA8000-memory.dmp

Filesize
1.8MB

Download