f1463764d4b03bee22224ed788b94e36ec5afe5167c906ae49659a881dc0e1fe

Analysis

max time kernel
21s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07-07-2024 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
Size

830KB
MD5

4901a4f2a25f8171f07c4a7c7b9b3e30
SHA1

da4cb01ffe85a108b2919332936c0899ca212f5f
SHA256

f1463764d4b03bee22224ed788b94e36ec5afe5167c906ae49659a881dc0e1fe
SHA512

d0fc7f76069b8beb88bc84eb0ddefe71bf4fd09ecbe01d4ffd6cbe49bf79349cc11c7985b5ebd7a93733371f61510b4bd6c6517b3d45c971d29f0d2ee01b79ec
SSDEEP

12288:dXCNi9BDh/HUD+RFeFeqTYrBrPFJFu0EGrt7g/FtW3ixm4bozZII2Lkav7Fxz9:oWDh/UDIFew5tPFJmu2XWSU4bTI2LDh

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\E:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\J:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\M:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\P:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\S:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\O:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\R:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\V:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\X:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\G:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\H:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\I:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\N:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\T:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\Y:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\Z:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\B:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\K:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\L:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\Q:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\U:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File opened (read-only)	\??\W:	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black handjob lingerie hidden hole .rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian nude bukkake hidden ¤ã .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black animal hardcore public traffic .mpeg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\russian handjob hardcore voyeur pregnant (Ashley,Jade).avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian kicking trambling big fishy (Christine,Melissa).rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish handjob gay uncut hole .zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Google\Temp\beast lesbian (Liz).zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black fetish bukkake full movie mature .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\beast [bangbus] feet .mpeg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files\DVD Maker\Shared\italian horse fucking several models balls .rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files\Windows Journal\Templates\black porn xxx [milf] hole swallow .rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian gang bang hardcore lesbian hole gorgeoushorny .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\blowjob voyeur bondage .mpg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob voyeur mature .mpg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse [milf] glans high heels .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black horse lingerie several models feet wifey (Karin).rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\american nude xxx several models wifey .mpeg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\trambling licking balls .rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\tmp\animal horse public feet ejaculation (Curtney).rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie big cock .zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast public .mpg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\lesbian full movie femdom (Britney,Sylvia).zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian sleeping .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\temp\danish action beast [free] ìï (Sonja,Sarah).rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm [milf] 50+ .mpg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast uncut cock (Sonja,Samantha).rar.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\xxx girls shoes .avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish horse blowjob voyeur lady (Christine,Karin).zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\hardcore lesbian .zip.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\japanese handjob bukkake lesbian granny .mpg.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\sperm public circumcision (Ashley,Liz).avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
File created	C:\Windows\Downloaded Program Files\brasilian horse xxx [free] (Liz).avi.exe	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2272	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
564	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1132	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1380	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2860	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1176	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2052	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1492	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
924	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2124	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2168	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2272	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1080	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2100	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2188	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1132	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1780	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2896	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2004	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1380	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
476	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
564	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
584	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
584	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2392	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2392	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1476	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1476	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1332	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1332	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
1680	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1248	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	30
PID 1848 wrote to memory of 1248	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	30
PID 1848 wrote to memory of 1248	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	30
PID 1848 wrote to memory of 1248	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	30
PID 1848 wrote to memory of 2152	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	31
PID 1848 wrote to memory of 2152	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	31
PID 1848 wrote to memory of 2152	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	31
PID 1848 wrote to memory of 2152	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	31
PID 1248 wrote to memory of 2772	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	32
PID 1248 wrote to memory of 2772	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	32
PID 1248 wrote to memory of 2772	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	32
PID 1248 wrote to memory of 2772	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	32
PID 1848 wrote to memory of 1640	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	33
PID 1848 wrote to memory of 1640	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	33
PID 1848 wrote to memory of 1640	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	33
PID 1848 wrote to memory of 1640	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	33
PID 2772 wrote to memory of 2720	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	34
PID 2772 wrote to memory of 2720	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	34
PID 2772 wrote to memory of 2720	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	34
PID 2772 wrote to memory of 2720	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	34
PID 2152 wrote to memory of 2552	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	35
PID 2152 wrote to memory of 2552	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	35
PID 2152 wrote to memory of 2552	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	35
PID 2152 wrote to memory of 2552	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	35
PID 1248 wrote to memory of 2588	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	36
PID 1248 wrote to memory of 2588	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	36
PID 1248 wrote to memory of 2588	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	36
PID 1248 wrote to memory of 2588	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	36
PID 1848 wrote to memory of 2272	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	37
PID 1848 wrote to memory of 2272	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	37
PID 1848 wrote to memory of 2272	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	37
PID 1848 wrote to memory of 2272	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	37
PID 2152 wrote to memory of 1132	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	38
PID 2152 wrote to memory of 1132	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	38
PID 2152 wrote to memory of 1132	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	38
PID 2152 wrote to memory of 1132	2152	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	38
PID 1640 wrote to memory of 564	1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	39
PID 1640 wrote to memory of 564	1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	39
PID 1640 wrote to memory of 564	1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	39
PID 1640 wrote to memory of 564	1640	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	39
PID 2772 wrote to memory of 1380	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	40
PID 2772 wrote to memory of 1380	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	40
PID 2772 wrote to memory of 1380	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	40
PID 2772 wrote to memory of 1380	2772	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	40
PID 2552 wrote to memory of 2860	2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	42
PID 2552 wrote to memory of 2860	2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	42
PID 2552 wrote to memory of 2860	2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	42
PID 2552 wrote to memory of 2860	2552	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	42
PID 1248 wrote to memory of 1176	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	41
PID 1248 wrote to memory of 1176	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	41
PID 1248 wrote to memory of 1176	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	41
PID 1248 wrote to memory of 1176	1248	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	41
PID 2720 wrote to memory of 2052	2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	43
PID 2720 wrote to memory of 2052	2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	43
PID 2720 wrote to memory of 2052	2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	43
PID 2720 wrote to memory of 2052	2720	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	43
PID 2588 wrote to memory of 1492	2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	44
PID 2588 wrote to memory of 1492	2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	44
PID 2588 wrote to memory of 1492	2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	44
PID 2588 wrote to memory of 1492	2588	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	44
PID 1848 wrote to memory of 924	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	45
PID 1848 wrote to memory of 924	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	45
PID 1848 wrote to memory of 924	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	45
PID 1848 wrote to memory of 924	1848	4901a4f2a25f8171f07c4a7c7b9b3e30N.exe	45

C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
"C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7156
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6692
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:8212
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7796
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:6544
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7856
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6340
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:660
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7848
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:6772
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:476
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:8512
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6292
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:3152
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:6684
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:8272
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7884
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:8360
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:4400
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:6440
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:8432
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:6968
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
      "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
      4⤵
      PID:7004
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:7392
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
    3⤵
    PID:6332
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  PID:3092
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  PID:4556
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  PID:6448
- C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe
  "C:\Users\Admin\AppData\Local\Temp\4901a4f2a25f8171f07c4a7c7b9b3e30N.exe"
  2⤵
  PID:8444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish handjob gay uncut hole .zip.exe

Filesize
1.1MB

MD5
50c4338d7d58b0802e3272543b63bebd

SHA1
b1bf8de9b71d4c577aef64bab4b55fc789bd73cd

SHA256
fa9567f96825d912a2831f500fbddc35292def763523bfbcd003f6242c74b03a

SHA512
f4c1ad3e579ae4fbe831c035d1a09428baf4cb3676d6376df832089ee4374135963d78e69c689aeb2a0a91d107ce2a3ce9b64e233fb2444b9159e7e13a97a850

Download Submit
memory/476-137-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/564-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/564-96-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/564-159-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/584-141-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/660-180-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/660-168-0x00000000045D0000-0x00000000045FB000-memory.dmp

Filesize
172KB

Download
memory/924-70-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/924-125-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/924-88-0x0000000004960000-0x000000000498B000-memory.dmp

Filesize
172KB

Download
memory/924-178-0x0000000004960000-0x000000000498B000-memory.dmp

Filesize
172KB

Download
memory/1068-172-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1068-175-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1080-73-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1080-129-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1080-91-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1132-74-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/1132-140-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/1132-115-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1176-121-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-171-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/1248-105-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1248-97-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/1332-126-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1332-148-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1380-132-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1380-117-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1380-93-0x0000000004920000-0x000000000494B000-memory.dmp

Filesize
172KB

Download
memory/1380-66-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1380-76-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1476-146-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1476-124-0x0000000004520000-0x000000000454B000-memory.dmp

Filesize
172KB

Download
memory/1492-69-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-116-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/1492-150-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/1492-123-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1492-77-0x00000000047F0000-0x000000000481B000-memory.dmp

Filesize
172KB

Download
memory/1604-166-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1604-138-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/1640-174-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/1640-109-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1640-85-0x0000000004A60000-0x0000000004A8B000-memory.dmp

Filesize
172KB

Download
memory/1640-30-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1640-120-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/1680-149-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-170-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1692-147-0x0000000004A50000-0x0000000004A7B000-memory.dmp

Filesize
172KB

Download
memory/1700-145-0x0000000004940000-0x000000000496B000-memory.dmp

Filesize
172KB

Download
memory/1700-169-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1780-133-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1780-103-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/1780-177-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/1848-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-5-0x0000000000780000-0x00000000007AB000-memory.dmp

Filesize
172KB

Download
memory/1848-104-0x0000000000780000-0x00000000007AB000-memory.dmp

Filesize
172KB

Download
memory/1848-100-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1848-167-0x0000000004BD0000-0x0000000004BFB000-memory.dmp

Filesize
172KB

Download
memory/1848-81-0x0000000004BD0000-0x0000000004BFB000-memory.dmp

Filesize
172KB

Download
memory/2004-136-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-122-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2052-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2100-130-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2100-94-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2124-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-176-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2124-87-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2124-128-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2152-106-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-71-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2168-89-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2168-127-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-164-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2188-131-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2188-98-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download
memory/2272-80-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2272-113-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2272-162-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2392-143-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2552-95-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2552-112-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2552-144-0x0000000004A70000-0x0000000004A9B000-memory.dmp

Filesize
172KB

Download
memory/2588-111-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2588-179-0x00000000044D0000-0x00000000044FB000-memory.dmp

Filesize
172KB

Download
memory/2664-114-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-173-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/2720-110-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2720-99-0x0000000004950000-0x000000000497B000-memory.dmp

Filesize
172KB

Download
memory/2772-90-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2772-29-0x00000000047D0000-0x00000000047FB000-memory.dmp

Filesize
172KB

Download
memory/2772-135-0x0000000004930000-0x000000000495B000-memory.dmp

Filesize
172KB

Download
memory/2772-108-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-67-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-119-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2896-134-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-158-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2932-139-0x0000000004910000-0x000000000493B000-memory.dmp

Filesize
172KB

Download