9efc8842dc994d62ab86ad49fc83a412c5aed94bae408833176aa7ba968da87d

Analysis

max time kernel
11s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2496cdbf3ed9e67da86e642cb15b08f0N.exe
Size

1.3MB
MD5

2496cdbf3ed9e67da86e642cb15b08f0
SHA1

872b7a67b8d021791941eb23af48f41a9d9c7e08
SHA256

9efc8842dc994d62ab86ad49fc83a412c5aed94bae408833176aa7ba968da87d
SHA512

344d2e5f7f735f43de1bf009e457c89fa4fdf594fcc0cc17dfb6154ee6dd5ed0f0c60045e4cc628b8903081700e9ebd0bcdf230254b93f096e68f6d05d6d1499
SSDEEP

24576:oWANaIGSub7xrmvGpFRn3uwBCK5Mhv8HDFdB8uI+Vl0/FYv+WKkxwl/7:VANRGfVqek0bHJ8p+8WvGOaD

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Z:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\G:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\J:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\N:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\S:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\V:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\E:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\L:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\M:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\O:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\P:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Q:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\T:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\W:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\A:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\X:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\H:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\I:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\K:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\U:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\Y:	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File opened (read-only)	\??\B:	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\fucking [free] boobs .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french xxx full movie bondage (Britney).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay xxx hidden .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american action [free] .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american blowjob full movie ejaculation .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fucking hot (!) .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\blowjob lingerie catfight ejaculation .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\black cum [free] mature .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german bukkake girls (Sarah).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\chinese lingerie girls (Sylvia).zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian bukkake lesbian [milf] sm .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse blowjob [bangbus] mature .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\action [milf] hairy .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\swedish gay uncut glans upskirt .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn lesbian vagina (Tatjana,Tatjana).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\chinese lingerie horse girls .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\handjob uncut circumcision (Sonja,Anniston).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\malaysia bukkake beastiality big cock latex .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\dotnet\shared\malaysia cumshot gay voyeur .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Google\Temp\fucking xxx [milf] hotel .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish fucking action big hole swallow .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fetish lingerie licking .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian animal hot (!) hole (Jenna).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian fetish licking leather .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\norwegian animal masturbation .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish cumshot full movie nipples lady .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian fucking trambling [free] ash shower .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian cumshot hot (!) redhair .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german fetish fucking voyeur glans .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\bukkake sleeping gorgeoushorny (Ashley,Britney).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese trambling hidden (Britney).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\chinese action sperm voyeur cock .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\tyrkish beastiality action licking YEâPSè& (Curtney).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black lesbian hidden .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese hardcore [milf] .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\norwegian nude lingerie lesbian hole latex (Samantha,Sonja).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\fetish sperm full movie .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\brasilian gang bang girls glans .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\bukkake voyeur femdom (Anniston,Sonja).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\InputMethod\SHARED\american horse sleeping balls (Liz,Sonja).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\swedish sperm [milf] young .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\fucking cumshot sleeping 50+ .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\russian fucking sleeping glans circumcision .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\german fetish [bangbus] redhair .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\sperm licking 50+ .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\cumshot masturbation boobs upskirt (Kathrin,Sonja).mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\german fetish big (Christine).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\fucking several models hotel .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\horse masturbation (Sonja).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\hardcore several models hole penetration .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\indian fucking gang bang sleeping leather .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\tyrkish kicking sperm several models mature .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\swedish xxx big (Sonja).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beastiality bukkake hidden .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\mssrv.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\CbsTemp\canadian hardcore nude girls lady .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\tmp\french handjob [bangbus] .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse [bangbus] ash (Ashley).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\chinese gay hot (!) legs .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\black animal big .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\italian cumshot horse sleeping (Gina,Janette).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german beastiality beastiality voyeur shoes .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\nude blowjob masturbation hotel .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\handjob beastiality [milf] .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african gay hidden legs .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese animal nude hot (!) cock YEâPSè& .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\blowjob lesbian girls feet (Curtney,Jenna).rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\japanese horse girls boobs .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\italian blowjob handjob uncut (Tatjana).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\animal beast hot (!) ash .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\american handjob masturbation leather .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\security\templates\russian beastiality action lesbian hole .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\xxx kicking lesbian glans (Sylvia,Britney).avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\animal fucking girls upskirt .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\german beastiality beastiality hot (!) .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\beastiality cumshot public glans bedroom .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian beast [milf] .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish handjob licking circumcision .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\bukkake horse hot (!) fishy (Anniston).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\handjob licking mistress .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\norwegian sperm hot (!) redhair .avi.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\malaysia beast nude uncut traffic .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\blowjob porn public bondage .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french sperm [milf] .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\handjob lingerie [free] cock .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\swedish cum full movie wifey (Liz,Sarah).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\malaysia horse gay girls (Kathrin).zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\Downloaded Program Files\italian beast hot (!) blondie (Liz,Janette).mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french sperm lesbian licking .mpg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian kicking horse full movie (Gina,Jade).zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\spanish xxx hot (!) .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\cumshot bukkake uncut legs .zip.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian animal nude hidden nipples wifey .rar.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\british lesbian licking feet high heels .mpeg.exe	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
736	2496cdbf3ed9e67da86e642cb15b08f0N.exe
736	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2460	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2460	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2668	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2668	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4888	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4888	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3584	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3584	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4160	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4160	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3496	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3496	2496cdbf3ed9e67da86e642cb15b08f0N.exe
2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1160	2496cdbf3ed9e67da86e642cb15b08f0N.exe
1160	2496cdbf3ed9e67da86e642cb15b08f0N.exe
536	2496cdbf3ed9e67da86e642cb15b08f0N.exe
536	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe
3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe
920	2496cdbf3ed9e67da86e642cb15b08f0N.exe
736	2496cdbf3ed9e67da86e642cb15b08f0N.exe
736	2496cdbf3ed9e67da86e642cb15b08f0N.exe
920	2496cdbf3ed9e67da86e642cb15b08f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 4412	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	85
PID 2236 wrote to memory of 4412	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	85
PID 2236 wrote to memory of 4412	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	85
PID 4412 wrote to memory of 4784	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	86
PID 4412 wrote to memory of 4784	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	86
PID 4412 wrote to memory of 4784	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	86
PID 2236 wrote to memory of 5096	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	87
PID 2236 wrote to memory of 5096	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	87
PID 2236 wrote to memory of 5096	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	87
PID 4412 wrote to memory of 2392	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	88
PID 4412 wrote to memory of 2392	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	88
PID 4412 wrote to memory of 2392	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	88
PID 2236 wrote to memory of 3148	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	89
PID 2236 wrote to memory of 3148	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	89
PID 2236 wrote to memory of 3148	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	89
PID 4784 wrote to memory of 736	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	90
PID 4784 wrote to memory of 736	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	90
PID 4784 wrote to memory of 736	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	90
PID 5096 wrote to memory of 2460	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	91
PID 5096 wrote to memory of 2460	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	91
PID 5096 wrote to memory of 2460	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	91
PID 2392 wrote to memory of 2668	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	92
PID 2392 wrote to memory of 2668	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	92
PID 2392 wrote to memory of 2668	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	92
PID 4412 wrote to memory of 4888	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	93
PID 4412 wrote to memory of 4888	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	93
PID 4412 wrote to memory of 4888	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	93
PID 2236 wrote to memory of 3584	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	94
PID 2236 wrote to memory of 3584	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	94
PID 2236 wrote to memory of 3584	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	94
PID 4784 wrote to memory of 4160	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	95
PID 4784 wrote to memory of 4160	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	95
PID 4784 wrote to memory of 4160	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	95
PID 5096 wrote to memory of 3496	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	96
PID 5096 wrote to memory of 3496	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	96
PID 5096 wrote to memory of 3496	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	96
PID 3148 wrote to memory of 1160	3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe	97
PID 3148 wrote to memory of 1160	3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe	97
PID 3148 wrote to memory of 1160	3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe	97
PID 736 wrote to memory of 536	736	2496cdbf3ed9e67da86e642cb15b08f0N.exe	98
PID 736 wrote to memory of 536	736	2496cdbf3ed9e67da86e642cb15b08f0N.exe	98
PID 736 wrote to memory of 536	736	2496cdbf3ed9e67da86e642cb15b08f0N.exe	98
PID 2460 wrote to memory of 920	2460	2496cdbf3ed9e67da86e642cb15b08f0N.exe	99
PID 2460 wrote to memory of 920	2460	2496cdbf3ed9e67da86e642cb15b08f0N.exe	99
PID 2460 wrote to memory of 920	2460	2496cdbf3ed9e67da86e642cb15b08f0N.exe	99
PID 2392 wrote to memory of 4400	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	100
PID 2392 wrote to memory of 4400	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	100
PID 2392 wrote to memory of 4400	2392	2496cdbf3ed9e67da86e642cb15b08f0N.exe	100
PID 2668 wrote to memory of 768	2668	2496cdbf3ed9e67da86e642cb15b08f0N.exe	101
PID 2668 wrote to memory of 768	2668	2496cdbf3ed9e67da86e642cb15b08f0N.exe	101
PID 2668 wrote to memory of 768	2668	2496cdbf3ed9e67da86e642cb15b08f0N.exe	101
PID 4412 wrote to memory of 5008	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	102
PID 4412 wrote to memory of 5008	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	102
PID 4412 wrote to memory of 5008	4412	2496cdbf3ed9e67da86e642cb15b08f0N.exe	102
PID 2236 wrote to memory of 3548	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	103
PID 2236 wrote to memory of 3548	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	103
PID 2236 wrote to memory of 3548	2236	2496cdbf3ed9e67da86e642cb15b08f0N.exe	103
PID 5096 wrote to memory of 1136	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	104
PID 5096 wrote to memory of 1136	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	104
PID 5096 wrote to memory of 1136	5096	2496cdbf3ed9e67da86e642cb15b08f0N.exe	104
PID 4784 wrote to memory of 2156	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	105
PID 4784 wrote to memory of 2156	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	105
PID 4784 wrote to memory of 2156	4784	2496cdbf3ed9e67da86e642cb15b08f0N.exe	105
PID 3148 wrote to memory of 3984	3148	2496cdbf3ed9e67da86e642cb15b08f0N.exe	106

C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
"C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        9⤵
        
        PID:21308
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:20292
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:22916
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:23912
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22260
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18832
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:27028
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18660
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:26432
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22672
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23872
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:26096
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:23772
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:25948
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21664
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21592
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20568
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24696
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23744
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:25672
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19648
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27384
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18740
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26456
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:21052
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19800
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:27472
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22084
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23896
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21672
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:27076
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20188
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22664
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21000
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:20280
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24668
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24424
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:26884
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:26104
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18944
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27288
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19020
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:804
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23980
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11608
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24244
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19184
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19816
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:27516
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:18748
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26508
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:23928
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21568
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24652
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:24004
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23544
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19004
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23888
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21488
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:24416
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:22436
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:24688
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23988
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22020
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24680
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:25128
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21940
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:25308
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:25188
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23904
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21584
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24840
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:19872
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:26648
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22856
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23880
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21576
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24352
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:26708
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25908
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:20300
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19280
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:24256
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27280
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:21284
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:20044
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:25804
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19100
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24660
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11020
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24240
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26076
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:20472
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19272
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:24120
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11372
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25208
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7940
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:15584
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17660
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:17140
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:10708
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:20400
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23300
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:23956
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22116
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21292
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20136
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22888
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24012
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21780
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21276
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27272
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22656
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10472
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23996
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21920
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27020
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25956
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22444
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20668
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21340
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14068
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20420
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:22864
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24260
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22028
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:26892
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26052
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22848
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22816
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:21040
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27304
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25736
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21632
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21300
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19760
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:27508
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22384
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23964
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16256
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:21760
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19304
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26988
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26668
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1572
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:26060
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        7⤵
        
        PID:21788
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19712
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:23324
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:24704
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22012
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19480
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27296
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26448
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23308
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23864
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20692
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:27524
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26440
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23316
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22900
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20888
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18924
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26516
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:21316
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:13580
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19808
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:2632
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:25832
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19172
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:19656
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:27340
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26996
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:18668
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:26464
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        6⤵
        
        PID:20992
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19384
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:27500
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:22908
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:23920
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22428
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:19460
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:428
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20288
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:524
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22456
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:20796
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:3548
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:24372
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:22704
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:26704
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:18048
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26088
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:20408
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:13388
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:26980
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
        5⤵
        
        PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:26068
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:18856
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:12700
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:19264
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:19408
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:6192
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
      4⤵
      PID:23972
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:15120
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:21980
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:8280
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:16680
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:25404
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:11656
- - C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
    3⤵
    PID:17620
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:16840
- C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2496cdbf3ed9e67da86e642cb15b08f0N.exe"
  2⤵
  PID:5504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german fetish fucking voyeur glans .mpg.exe

Filesize
2.1MB

MD5
59943171a2c6d719743ebcd6efb47661

SHA1
30a5ff652717c014a403636339e4e2fd07e1c5b6

SHA256
5cc4a265acb73c2cc069bb5c7a49a0b83d9901684a61e63af5d5b6bd5352db06

SHA512
d078dfaef57bf74149089bef4b20bf5ab76483cfa29b847b0652308e3a80ae76aba9ea50f4602669c1985ae299aacc28d99fa7e7605388700e0c477888ff3748

Download Submit
memory/736-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/912-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/920-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1160-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1444-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1652-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1728-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2156-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2236-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2332-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2392-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2460-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2564-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2668-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2952-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3148-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3148-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3156-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3288-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3548-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3556-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3584-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3664-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4160-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4412-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4412-37-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4784-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4784-159-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4888-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5096-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5184-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5192-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5224-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5268-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5440-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5448-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5536-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5544-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5716-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5728-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5768-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5868-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5876-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5900-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5904-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5964-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5992-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6084-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6116-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6184-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6192-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6264-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6288-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6376-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6476-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6504-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6572-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6588-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6596-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6628-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6704-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6724-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6924-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7104-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7116-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7124-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7152-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7192-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7200-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7248-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7296-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7304-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7312-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7380-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7420-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7460-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7468-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7652-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7888-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7904-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7912-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8016-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8236-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8272-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8428-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8476-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8492-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8664-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8700-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8708-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8716-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8728-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8916-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8992-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download